Mobile technology is playing an ever bigger role in the workplace. According to a recent study by IT training and certification giant CompTIA, 84% of knowledge workers use an iPhone or other smartphone for at least some work tasks on a daily basis – unsurprisingly email and using web-based services ranked as the most common and universal uses.
Despite that level of use, the survey – which didn’t break out numbers for corporate-owned versus employee-owned devices – found that only 22% of businesses have an official policy regarding the use of mobile technology. An additional 20% indicated that they are exploring options for mobility policies but haven’t yet completed them.
It’s hard to understate the need for such policies. Businesses have long since had acceptable use policies for traditional technologies like computers, email, and Internet access in the office. While those policies touch on mobility because they almost always reference laptops and other portable devices, most were drafted before the rise of smartphone ubiquity and the launch of the iPad, which remains the primary tablet device in business.
Mobility policies are important because they set out acceptable uses and responsibilities for employees as well as alert employees to the fact that some of their technology use may be monitored. As with more general acceptable use policies, mobility policies are needed to give IT and management legal options when they are violated by users. With mobile devices including location-based services, it’s a real possibility that an organization might end up with unintended (or intended in some cases) knowledge of where a worker has been both on and off the job, for example. Such policies also protect employees and make them aware of what information their company may have access to if they opt to use a mobile device for work.
The introduction of BYOD programs have an even greater need for policies because they involve a user’s personal device, onto which IT may need to install volume licensed apps and/or a mobile management agent. IT may also need to manage the device for security reasons or to provide access to internal resources. If a device is lost or stolen or an employee leaves the company, IT will likely need to wipe corporate data or even all data from an employee’s iPhone or iPad – something that needs to be made completely clear to employees before they can bring their devices into the office.
It’s worth pointing out that the complexity of BYOD policy is the reason the FAA has chosen not to offer a BYOD program.
If users are expected to take responsibility for business data on their device and IT opts to monitor their device for compliance – with or without using full-on device management – then a policy needs to explicitly state those requirements, let staff now that the devices will be monitored and what the consequences for non-compliance will be. This an absolute must in any situation, but particularly when solutions that monitor devices without an app or agent being installed on them are used like Mobilisafe, which we profiled earlier this week.
The study also highlighted that 70% of companies believe that mobility in any form increases security risks with nearly half (48%) citing downloading unauthorized apps as a major risk to be addressed. Other risks cited include the following:
- Lost or stolen devices (42%)
- Mobile-specific viruses and malware (41%)
- Open Wi-Fi networks (41%)
- USB flash drives (40%)
- Personal use of business devices (40%)