Today, in our fourth installment on actions that employers can take to prevent employee theft or improper disclosure of company data, we discuss risks associated with smartphones and mobile devices. When considering the use of mobile devices, a company should first decide whether to use company-issued devices or to allow employees to use their own personal devices (so-called “Bring Your Own Device” or “BYOD”).
One clear advantage of BYOD is that it reduces employer expenses and may improve employee engagement. However, a company using a BYOD program runs the risk of losing control over confidential information and data if a well-drafted BYOD policy is not in place. Additionally, if an employer terminates an employee utilizing their own device, there is a greater risk of misappropriation. For high-risk employees or employees with access to a great deal of critical information, a company-issued phone may be best because the employer retains the most control over the data on the phone.
In terms of how to prevent employee theft or improper disclosure of company data via smartphone, employers should implement basic measures, such as requiring employees to password-protect their phones, but they also should consider additional protections, including:
- Establish a policy that permits remote wiping of the phone when employment is terminated (or earlier if necessary).
- Limit the employee’s ability to download apps onto the smartphone. Some apps may compromise the phone’s security, and in turn, any confidential information.
- Establish procedures and checklists for ensuring the safe return of company devices. For example, when an employee returns a company phone, always verify the SIM card is still in place.
- Security breaches can occur through lost or stolen devices, so consider what information employees can access on smartphones, and how access can be limited in the case of a lost or stolen phone.
- Implement electronic monitoring and privacy policies that encompass smartphones and mobile devices.
- For employees who travel, consider policies that require encryption when traveling or that mandate use of a “clean” device that is devoid of critical or sensitive information.
Mobile devices are ubiquitous in today’s workplace, and the risks they pose to a company’s trade secrets are significant. However, by implementing affirmative rather than reactive policies, employers can protect their data.