Managing Sensitive Information on Mobile Devices

Dec 3, 2019

More and more business these days is conducted remotely, from home or on the go, using a variety of mobile devices, including cell phones and tablets.  These tools allow your North Dakota business to proceed even when employees travel, take sick days, or simply work from home to avoid a long commute.

Are cell phones safe, though?  While you can certainly place restrictions and protections on company property, there’s no guarantee that an employee’s personal devices have the same protections.  What can you do?  There are several ways to protect sensitive information on mobile devices in order to comply with consumer privacy laws and protect your customers and your company.

Policies and Procedures

Whether you own a retail operation, manage a private medical practice, or work in the finance industry, you need to understand that consumer privacy laws apply to any device that stores data, including mobile devices.  Computers on your network are easy to protect with firewalls, antivirus software, and other security measures, but you don’t necessarily have the same control over devices that employees take with them when they leave the office.

It is therefore imperative that you create clear policies and procedures to govern the use of these devices.  This could include mandatory use of security software, as well as mandatory security updates for any devices used for work purposes, even those that belong to employees.  Remote access to data on the network should be allowed only over a secure VPN, and employees should not be allowed to use public Wi-Fi with their devices, in order to avoid security risks.

You’ll have to determine the policies and procedures that work for your company so you can properly comply with consumer privacy laws, including industry regulations like HIPAA and FACTA, if applicable.  Just make sure that employees are aware of these rules and that they understand the penalties for failure to comply.

Rules for Personal Devices

In addition to having employees install approved security software on any personal devices (cell phones, tablets, laptops, etc.) they use for work purposes, it’s imperative that you insist on wiping confidential data from mobile devices when employees leave the company.  With company-owned devices, this isn’t a problem, as they’ll be returned, but with employee-owned devices, you could have a real problem if there’s no policy in place.

You’ll find plenty of third-party software that can be used for this task, but you may not trust a terminated employee to comply.  In this case, you’ll have to task your IT specialist or someone from your IT department with ensuring that any sensitive data is removed from personal devices before employees exit the company.

Mandatory Wiping/Destruction

The best way to ensure that sensitive data stored on mobile devices doesn’t fall into the wrong hands is to adhere to a strict policy of wiping or data destruction when a device is no longer in use.  Since you can’t do this with employee-owned devices, it might be a good idea to simply provide cell phones and tablets for employees who need them so they never have to conduct business on their personal mobile devices.

If you need help wiping or shredding devices, contact the experts at SEAM today at 605-274-7326 (SEAM) or online to request a quote.

SEAM provides IT recycling and data destruction services including onsite shredding and hard drive wiping to South Dakota, North Dakota, Minnesota, Iowa, and Nebraska.
