Personal mobile devices (PMDs) are being used for work purposes more often. It’s not just the big boys that are connecting with employees this way; adoption of handheld devices in small companies has outpaced adoption by large enterprises over the past few years. Although allowing employees to use personal devices may increase efficiency or boost morale, there are risks associated with PMD use at work.
While small companies have been quick to use mobile technology because of its low cost and familiarity, often even the simplest measures, like a password lock, are not being implemented as company policy. If a smartphone with no lock code is left behind, the potential for internal information being shared can be significant. Employees who travel present a greater risk if they are in unfamiliar surroundings.
The advantages of mobile devices for work purposes is clear: savings, efficiency, and connectivity. Small businesses can save thousands on technology budgets that integrate PMDs within their workflow. Mobile provides commerce transactions, document portability, and enhanced meeting capabilities. If employees are using their own devices, the learning curve related to the introduction of new equipment is eliminated. And employees can connect on the fly, reducing meeting attendance problems due to location issues.
According to a 2012 study by technology research firm Ponemon Institute LLC, almost 50% of businesses with fewer than 500 employees are allowing work to be conducted through PMDs compared to 35% of large companies. That leaves a significant number of small enterprises vulnerable.
A 2011 report from online security giant McAfee and Carnegie Mellon University revealed that 40% of the 1500 businesses included in their survey experienced a loss of PMDs with work-related content stored on them. Half of those lost contained “business-critical data”.
The challenges to improving mobile data integrity at small companies include legal authority and security systems. Due to the mixed nature of the information contained on a PMD used for work there may be few legal defenses for a company seeking to wipe employees’ personal devices. And while there are mobile security programs that help track and clean a PMD, they don’t help if they are not installed. The Ponemon study also revealed that more than half the smartphones used for work don’t have mobile security software installed.
But even if PMD risks due to physical theft are minimized, there is the issue of hacking. Another study of small biz PMD use, this one done by research firm Gartner in late 2012, indicated that employee-owned mobile devices will be hit by malware at double the rate for small companies as for large enterprises. Security issues are expected to be more problematic for smaller firms than those with robust IT infrastructure.
The other danger is through user behavior. Data backup procedures and user identification protection pose significant issues for companies trying to limit risks. The McAfee report showed that “fewer than half of device users back up their mobile data more frequently than on a weekly basis”. And often employees keep pin codes, passwords, and financial data stored on their PMD.
There are greater controls for companies that can afford to distribute work-only devices but managing employee use remotely is still challenging. The bottom line? Experts suggest drafting PMD use policies prior to allowing employees to use their device for work and protect data with available security software. Mobile security issues are expected to rise as more companies adopt the technology. Still, small business owners accept the perils that come with allowing work on PMDs because they see the value in allowing mixed use.