by clicking the arrows at the side of the page, or by using the toolbar.
by clicking anywhere on the page.
by dragging the page around when zoomed in.
by clicking anywhere on the page when zoomed in.
web sites or send emails by clicking on hyperlinks.
Email this page to a friend
Search this issue
Index - jump to page or section
Archive - view past issues
GRC Professional : GRC Winter 2012
31 encrypting confidential data is key to protecting companies from cyber attacks. Building trust builds security mike mcKinnon, a security advisor with aVG technologies, advises small businesses on their mobile device security. He says employers should open up a conversation by saying mobile security is as much about personal protection as it is about protection of company data. most businesses are using an exchange server or Google apps and should be using the security settings already built into those platforms. “It’s as simple as ensuring everyone uses a pin number on their hand-held device and have activated available Gps technology so they can track down their phone if it’s lost or stolen,” mcKinnon says. Watson advises companies to be careful with Gps in a BYod environment. “employees might feel like its an invasion of their privacy if they are made to have Gps tracking on their own phone because they might not want their employer to know where they are after work hours,” Watson notes. the privacy issue has several complex dimensions. regulation and workplace policy still tends to be murky when it comes to people’s rights when using a personal smartphone for work. Can an employer demand to inspect your personal Blackberry if you use it on the job? What if you pay the bill? one way to avoid legal quagmires is to issue electronic equipment and discourage staff from using their own devices for work. such devices are then surrendered to the company when the staff member leaves. Questions are also raised by examples where staff have lodged requests with employers for overtime pay based on the time clocked up using a work device for work reasons outside of normal working hours. and while companies generally provide for limited use of work computing equipment for personal reasons, what is the dividing line of “acceptable” use when an employee uses a work device for personal reasons in their own time? this is a potentially unclear area where organisations would be wise to be on the lookout for any issues. protecting data but not going too far when it comes to implementing restrictions will be the tightrope companies walk in a BYod environment, Watson comments. In government, many employees are not permitted to use consumer-oriented devices such as iphones for work purposes at all. However in the corporate world such solutions may be too extreme. “I know a major computer company where employees can’t connect to the internet, they can’t use Facebook and they can’t backup itunes. If you make it too restrictive then it defeats the purpose and this will be an area where the more progressive companies are better able to compete for talent,” Watson says. In future, technological innovation will provide new tools for managing smartphone risks. In the meantime companies need to ensure their employee and data management policies address this sometimes overlooked dimension of risk. ••• The privacy question: personal or work? A case before the US Supreme Court highlights issues around employee’s expectations of privacy when using a company-issued device for personal reasons. City of Ontario, California v Quon (2010) involved a police officer’s use of the employer’s phone for searching and personal texting of sexually explicit material. The police officer argued that the search constituted an unreasonable breach of privacy under state and federal laws, including the Fourth Amendment of the Constitution, as the texts were sent while he was off duty. The court found in favour of the City in this instance. Importantly, the City’s policies disclaimed any expectations of privacy. One lesson is that organisations need to routinely consider privacy and data security within their contractual obligations with staff. Technological innovations promise new solutionss A new technology for phones and tablets which enables you to have two separate virtual devices running in parallel from the same device’s core processor has been developed. It is anticipated the technology, pioneered by OK Lab, will become available to corporate customers within a few years.
GRC Autumn 2012
GRC Spring 2012