A WSJ article (Nov. 12, 2012), “Many Gadgets, Many Risks,” focused on the growing trend of SMBs allowing employees to use their own personal laptops and smartphones for work, which saves the employer on hardware but brings up many security concerns.
While larger companies have their own IT departments to train employees and provide sufficient anti-malware/anti-virus, SMBs who allow employees to use their own devices are left vulnerable to cyber attacks that could cause permanent damage to their businesses. Experts who help SMBs manage their devices were quoted in the WSJ article and weighed in on the risks to employers. One question asked was what happens when an employee loses his phone or leaves it somewhere, where anyone could look at sensitive information on his emails. Simple policies such as lock codes on phones are a step in the right direction. Also, what happens when an employee is terminated? Can the information on the phone or device be retrieved or shut down immediately?
A lost or stolen devivce poses the most problems. If the SMB doesn’t have the legal authority or ability to wipe information remotely, the company is vulnerable. The WSJ stated that more than half of lost smartphones are protected with mobile security features. another risk is that an employee could take along information to a competitor when he leaves the job. A major issue is that many employees do not keep up to date with the latest anti-malware/anti-virus on their devices. That danger leaves the whole company open to a malicious attack.
According to this article, which based its information on the reputable Gartner, Inc. reasearch firm, through 2014, employee owned devices will be hit by malware at more than twice the rate of corporate owned devices. SMBs are much more likely to be hit in these circumstances than larger corporations with their own larger IT departments. A large majority of small business owners are responsible for maintaining the cyber security of their businesses. That is a difficult task for the business owner who is not an IT expert and has other responsibilities.
A solution for the SMB is to hire an expert IT company to handle its cyber security and IT concerns, especially if it makes the decision to allow employees to use their own personal computers, tablets and smartphones. Forward thinking Managed Services providers are now able to deliver security and policy management beyong the PC, extending it to other mobile devices, whether they be company or privately owned. This is a topic that all business owners need to visit and evaluate.