SME survival guide: What should SMEs include in a mobile device policy?

Support Analyst

Fav thing about the office

Very welcoming and positive atmosphere

As a child I wanted to be a ... when I grew up

A DJ, a rally car driver or a police man

Guilty Pleasure(s)

Jamiroquai, Madonna and Lana Del Rey

Favourite Holiday

Amsterdam

If I had a superpower it would be...

Invisibility ;)

Describe yourself in three words or less

Laidback, funny and charming

An interesting fact about me

I have some pretty good trampoline skills (used to)

Likes

Music, beer and relaxing

Favourite Band

I like rappers not bands! But if I had to choose - Empire of the Sun

Karaoke Jam

Madonna - Get into the groove

What I do at Q2Q:

I perform day to day support for Q2Q which means I resolve issues and perform tasks for customers.

I am fairly new to the IT world so I am currently improving my technical skills and customer service skills. In the future I want to perform implementations, assist on projects and perform more complicated resolutions to problems.

Background and Achievements

I have previously worked in warehousing, operations and supply chain. I have performed in-house IT support and also assisted on an ERP systems implementation project.

I currently hold a first class honour degree (Bsc Hons) in Network Engineering, Security and Systems Administration. I also have qualifications in retail and sales along with two forklift licences.

Hobbies and Interests

I don’t really have any hobbies I tend to spend my time with friends, family and my girlfriend. I enjoy going out, holidays and relaxing. I do however have a passion for music.

With one in three companies having suffered a data breach due to mobile devices, when it comes to ensuring the security of your IT systems, it’s important for SMEs to have the right policies in place!

So, whether your company provides phones, tablets, USB memory sticks and laptops, or you employ more of a Bring-Your-Own-Device (BYOD) approach, some clear guidelines are vital. This not only ensures staff members are clear on what data and services they can access on their personally-owned equipment, but it also helps to keep security tight and data breaches at bay.

So, what exactly should be included in a mobile device policy? Our tech-sperts share some advice below…

Disclosure agreement

First and foremost, this important piece of documentation ensures that standards and guidelines surrounding device usage are understood and adhered to by all parties.

Ultimately, the aim of the agreement is to cover all bases when it comes to protecting the confidentiality of your SME’s data.

From stipulating what files can be accessed on which device, to outlining where information can be stored, this needs signing by both the employee and the employer.

There is also normally a clause which states that if a company email account is linked to a personal device, the employer has the right to wipe it if they suspect foul play.

For company device policies, the below should be taken into consideration:

Keeping software up to date

There should also be a section which covers the importance of staff members keeping their devices – from smartphones and tablets, to notebooks and laptops – up to date with the latest system and security updates.

Clickers of the ‘remind me later’ button – you know who you are – listen up! It can be all too easy to ignore the little box popping up on the right-hand side of the screen when you’re busy, but it takes less than a minute to set a time when the updates can take place.

Installing new features and updates helps keep your device running quickly and securely.

Include Wi-Fi

It’s also worth noting somewhere in the document that employees shouldn’t connect the device to public Wi-Fi hotspots.

You might just be quickly replying to an email or logging on to the system to check some numbers, but there are risks to be aware of when doing these seemingly safe tasks – hackers could be lurking!

One way to help prevent unauthorised users from intercepting data, when connecting from any external location to your office, is to use a Virtual Private Network (VPN). This extra layer of security offers an encrypted connection between two sites, making it harder for any third-party to access your data.

Back it up

Because sometimes there are things you just can’t prepare for – think floods, power cuts and theft – it’s crucial to ensure your workforce is backing up company-owned devices, then nothing is lost forever!

Report loss or theft

It goes without saying that if an employee’s device is lost or stolen, SME data could be jeopardised, so an agreement needs to be in place whereby the incident is reported immediately.

As a result, this will give your IT support team the time to deploy action – such as the wiping of remote devices – as rapidly as possible.

Now, when it comes to physical device policies, here are some more points to consider…

Passwords

A basic rule that’s easy to stick to, it’s important you stipulate in the document that all devices require a password. If you think of your SME’s IT security as being multi-layered – like an onion – a password is one of the initial barriers facing a potential hacker, so it needs to be there.

And, when creating an effective password, there are many elements to consider – such as length, special characters, numeric PIN and the use of upper/lower case letters, to name a few!

Device inactivity

Here’s another quick win… Be sure to include information about how long a device should be inactive before requiring the user to re-enter their password.

This is a great way to help keep device access to authorised users only.

Device wiping

We mentioned earlier about employers being able to erase information from a device, but it may be useful to drill down into the circumstances, for clarity on both sides. For example, it could be deleted after a certain number of failed password attempts, or only in the case of a breach.

Disable hardware features

Employers can deactivate functions such as Bluetooth, camera access, UBSs and storage cards etc. to minimise the risk of security compromise and data interception.

There are many areas to consider when looking to draft an effective mobile device policy which all workers comply with, but if you’d like to have a chat about how to create the perfect one for your SME, give us a call on 01524 581690 or drop us a message!

SME survival guide: What should SMEs include in a mobile device policy? SME survival guide: What should SMEs include in a mobile device policy?