Scott Block

How to Reduce Smartphone Security Risks

There are a number of ways a company can cope with the employee-owned device challenge. The biggest decision is the level of support your company is willing to offer to non-company-owned devices and the means by which they access data.

In many cases, employees with their own devices are only permitted access to corporate email. This requires a fairly low level of support, as most smartphones have ActiveSync capabilities and can easily be configured by the end user.

In other cases, employees are permitted access to business data (besides email) but are not provided technical support through the IT helpdesk. They are mostly left on their own to resolve their issues. Yet other companies allow full data access with a full level of IT support.

The method of data access can sometimes drive the level of support. In the case of client/server data access, most companies prefer that devices be company-owned and company-supported due to the need for greater support. However, if employees use a Web portal to access company data, the degree of support needed is much less, simply because there is no complex software running on the end user's device.

Understand Your Security Options

Although security is always a challenge in small business, you have many options for keeping employee-owned mobile devices protected. With the advent of mobile VPN and mobile security suite products, your business can implement security with relative ease. There are also companies, such as Cbeyond, that offer mobile security products and can assist in implementation.

Look for Certain Features

Features such as device lock, wipe and “phone home” (which sends a stealth message from a lost or stolen phone to aid in tracking) capabilities are popular in mobile security today. If your company is using Microsoft Exchange for email, password protection can be enabled, requiring end users to enter a password before accessing their email. With a hosted Microsoft Exchange product, security can be enabled and enforced through the cloud.

When an employee using his or her smartphone for business leaves the company, once that employee account is removed from the Exchange server, he or she will no longer have access to a corporate email account, which secures all the data stored in that mailbox. If using password protection, the employee's credentials are revoked and he or she is unable to log in to the server.

The business world -- small, medium and large -- is making the transition toward employee-owned devices and away from company-supplied ones, primarily due to the associated expense. The best steps any business owner can take is to use password protection for data and email access and implement device security measures so that if a smartphone or tablet is lost or stolen, data can be secured or erased. And offer at least a certain level of technical support to ensure users can work as efficiently as possible and don't become frustrated with the technology. It is there to make a worker more productive, not to cause extra stress.