More and more companies are empowering their workforce and executives to stay engaged with the office when traveling, by providing a myriad of devices such as iPhones, iPads, Laptops and other smartphone devices. The threat to corporate information protection increases when employees are traveling for business. Let alone, the physical threat of device theft; the issue of protecting company information through a mobile device is becoming more difficult every day.
Safeguarding of communications and data within the corporate environment can be challenging and at some times difficult based on various key factors, e.g. an individual’s data usage characteristics, company environment, lack of controls and/or corporate policy, compliance protocols, etc. Data and communication by senior executives is most times sensitive in nature and any unauthorized consumption of such data could result in negative and adverse actions against the company and/or executive, especially if company is publicly traded, approaching an IPO or other substantial company activity or transaction.
Ensuring the security and safeguarding of senior executive data and communications through the use of mobile devices (laptops, IPads, phones, etc.) requires an examination of current corporate culture, availability of any corporate policies that dictate usage and safeguarding and in some cases advanced training and awareness on re-engagement of common sense principles. In general a proper security policy is necessary to include the following:
- Types of information allowable on mobile devices
- Applications that are acceptable to use on any mobile device
- Where devices are allowed to travel to (countries/regions)
- Accessing only authorized and secure Internet locations
- Use of a mobile device for business v. personal time
Often times, various actions that an employee may deem to be safe turn out to cause adverse activity. A good example of this is a “free download” presented through an email to the employee. By clicking on the free download, there could be malware, viruses, key logger software, adware and spyware that are bundled among the download.
These types of adverse software and code can present various issues including:
- Drain mobile device batteries
- Cause the device to stop working or functioning normally
- Data leakage and loss of sensitive and corporate information
- Tracking of Internet usage and web browsing
- Installation of viruses and other malware
- Unauthorized access gained to corporate and home networks
- Network breaches and hacker access
Additional recommendations for safeguarding laptops:
- Use of a privacy screen at all times especially when traveling outside the office. This is especially necessary when traveling in close proximity to unauthorized individuals and “prying eyes” in close quarter environments of airplanes, trains and other modes of public transportation.
- Never leave your laptop unattended even for a “few seconds”. Executives as well as general employees tend to leave their laptop sitting alone while visiting airline club lounges, hotel lobbies, office locations, etc.
- Use of a cable-lock security system for your laptop while in hotel room is a viable method for preventing your laptop from being stolen. Aside from this, never leave your laptop in your hotel room when not in attendance. This includes brief time periods of visiting the hotel gym, eating breakfast in hotel restaurant, etc. Hotel room traffic by hotel workers is at an all time increase based on housekeeping, mini-bar attendants, quality control managers and other workers that may enter your room from time to time unannounced.
- Use of wireless networks – If the employee/executive plans on conducting business work on Laptop and will use public, airline and/or hotel wireless systems; these systems are generally open and available to the public. The company should have current use policies for VPN or other authentication methods to further enhance security of an Internet session so that information, data and communications remain secure.
- Encryption – It is especially important that if a laptop belonging to a senior executive is stolen while traveling, that the information is encrypted as to prevent unauthorized access to company critical information. If the company is not currently utilizing some form of encryption, it is strongly recommended that this item be reviewed and acted upon accordingly.
- Use of device location services, such as “Lo-Jack” for computers or other services that will locate a stolen laptop.