When an employee does have permission to access and save
company data on his or her device, a different security threat emerges. Namely, that device now becomes a target for thieves. Theft of mobile devices (in this case, including laptops) is one of the primary methods that data thieves use. So, what can be done to secure mobile devices? Begin with a good policy regarding their use. According to a 2013 SANS study, organizations should consider developing a mobile device policy that addresses the following issues: use of the camera, use of voice recording, application purchases, encryption at rest, Wi-Fi auto connect settings, Bluetooth settings, VPN use, password settings, lost or stolen device reporting, and backup. 5 Besides policies, there are several different tools that an organization can use to mitigate some of these risks. For example, if a device is stolen or lost, geolocation software can help the organization find it. In some cases, it may even make sense to install remote data removal software, which will remove data from a device if it becomes a security risk. Usability When looking to secure information resources, organizations must balance the need for security with users’ needs to effectively access and use these resources. If a system’s security measures make it difficult to use, then users will find ways around the security, which may make the system more vulnerable than it would have been without the security measures. Consider password policies. If the organization requires an extremely long password with several Information Systems for Business and Beyond (2019) pg. 133
Made with FlippingBook flipbook maker