If you want avoid needless damage caused by mobile devices used by your employees, it’s high time that your HR and IT departments started working closely together to formulate rules for the use of company mobile devices. According to trainingmag.com, these rules should be based on three fundamental concepts – corporate culture, the company’s commercial goals and common-sense. Cooperation between HR and IT should begin by finding answers to the following questions:
- Which mobile devices and platforms can be used for corporate purposes?
- Which minimum security requirements must these devices and platforms fulfil?
- Which applications are necessary and which undesirable?
- How will the use of the selected applications be monitored and promoted?
- To which corporate networks, services, applications and data should employees be allowed access via mobile devices?
- How will the settings of mobile devices, applications and data be monitored and controlled to ensure the minimisation of risk?
- Should connections to mobile VPN be permitted? And if so, via which platform?
Rules for the use of company mobile devices must be made out in writing and must cover the following four basic areas:
1. Ownership of mobile devices
Clearly specify who bears responsibility in the event of the loss, damage to or theft of a company mobile device in specific cases. Require employees to immediately report the loss of a device so that HR and IT can take steps to protect the company’s tangible and intangible assets.
2. Rules for the use of company and private mobile devices in the workplace
Inform your employees that, while company mobile devices can be trusted, private ones can’t. The IT department should specify which private devices can be connected to corporate networks and data. Start with a list of devices and applications through which access is not permitted.
3. Mandatory and permitted software
Specify the software packages that every employee must upload to their mobile device and regularly update. Describe how the updating process works. Make sure that permitted software ensures the adequate protection of data on individual platforms.
4. Control of mobile devices
You need to know the extent to which individual mobile devices are able to decrypt your data, applications and access to corporate networks. You must therefore provide a description of specific options for the securing of company data and networks in the event of failure of the protective functions of the given mobile device.
-kk-