Managing Mobile Security In Small And Midsize Businesses

[The following is excerpted from "Managing Mobile Security in Small and Midsize Businesses," a new report posted this week on Dark Reading's SMB Security Tech Center.]

The tremendous popularity of mobile devices has created new opportunities and challenges for organizations. Employees are increasingly demanding that they be allowed to check their email, run business applications and access data from their own devices -- a trend known as bring your own device, or BYOD.

For the small and midsize business, there are many benefits to allowing employees to do just this: Users can work even when they're not in the office and using IT-assigned equipment.

Sales agents in the field can use personal smartphones to process credit card payments. Remote employees can access information when connected to a different network. The business owner can respond to email queries from customers after hours. For small and midsize businesses, the shift to using personal devices can have a tremendously positive impact on productivity.

However, along with benefits come security concerns and risks, and SMBs typically have fewer resources and more limited budgets than bigger companies do for dealing with such issues.

Many products are available for helping businesses manage mobile devices, but they often come with an enterprise price tag or are designed for large, complex networks -- or both. The SMB also needs a mobile strategy that includes not just smartphones and tablets, but also laptops, USB devices and consumer-based cloud storage services such as Dropbox.

Most discussions about mobile security tend to focus on smartphones and tablets, but they aren't the only dangers facing businesses. In fact, in environments where smartphones and tablets are not supported, the business still has to have a comprehensive mobile security strategy in place to ensure that employees aren't just walking around with sensitive data stored on unsecured USB drives or inserting infected drives into the network.

The easiest way to secure these devices is to provide employees with encrypted USB drives. The business has to make it clear to employees that if they need to copy data to a removable drive, the drive must be encrypted. If such a device is then lost or stolen, the data it contains will be of no use to anyone who finds it.

Indeed, being clear with employees and providing concrete policies are key to any mobile security initiative. Managing mobile security begins with an acceptable-use policy that spells out how personal devices can be utilized on the company's network. The policy should cover access and security elements, experts say. Access rules define what resources or applications are available from the mobile device. Security elements touch on the use of antivirus programs, encrypted drives and mobile management apps.

However, it's not enough to create the policy; you also have to enforce it. Accountability and enforcement can be particularly difficult for SMBs because they generally don't have access to the kinds of compliance programs and internal audit committees larger enterprises have.

To find out more about the mobile vulnerabilities that SMBs face -- and for some tips on how to eliminate those vulnerabilities -- download the free report.

Have a comment on this story? Please click "Add a Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.