For many employees, the line between work and personal life has grown increasingly murky. Many now use their own tech gadgets to do business as often as they use company property. On the one hand, that can save the company money on hardware and make employees more efficient – but it also presents serious security risks.
Short of banning employees from accessing work files with personal equipment altogether, there are five things we here at Kroll Ontrack believe businesses must keep in mind when it comes to employees using their own mobile device in the workplace:
1. Have a policy and communicate it
Take control of managing the retention of documents, especially business-critical information. To ensure a strong, manageable approach to data retention, businesses need to create and distribute a policy that outlines what is and is not acceptable for employees to do when it comes to personal mobile devices, applications and other tech tools. Companies should also organise periodic training sessions that cover issues such as social media usage, protecting personally identifiable information, creating strong passwords and maintaining proper privacy settings so that employees can clearly understand the appropriate and inappropriate uses of their personal devices.
2. Know regulatory requirements
When you are utilising an organisation’s device, regulatory requirements for storing documents typically apply. This concept must also be applied to people using personal devices to do company work. Business owners need to work with employees to ensure that all devices, both personal and professional, meet regulatory standards.
3. Back up often
Users who opt to use a personal device at work need to understand that their employer is not responsible for managing and protecting their personal data. Most consumers don’t run out and buy a backup system for their personal devices, but they should be aware of the many options available to them and proactively look for a backup scenario that works for their lifestyle. For example, an easy and effective way to back up data is through an online system. This gives users faster recovery if an issue does occur and provides multiple access points to data so employees don’t have to carry around physical storage such as a USB stick or external hard drive. Organisations should consider creating official backup/archiving repositories that mobile devices can access, such as cloud-based storage solutions, rather than leave individuals to find their own solutions.
4. Be aware of your “personas”
For most, organising your data and respective communication accounts to support different “personas” isn’t an issue. However, business professionals should always try to keep their business and personal life separate. The advent of social media has made this more difficult, as many people now have one account where they showcase who they are in both lives. As these personas blend into one, users often make comments or post status updates before thinking about who they represent as an employee.
5. Know who owns what
With the evolution of personal devices, it is very easy for users to have access to multiple personas at their fingertips both in and out of the workplace. Users should be advised that any work done on a personal device related to business belongs to the business and not the user. If the employee should lose the device or it should fall into the wrong hands, the user’s workplace can reserve the right to wipe the data remotely. Business owners need to make employees aware of the policies for the authorised work-storage environment from the beginning.