Friday, May 07, 2010


In the not too distant past the only way you could distinct top management from the corporate troops was the laptop bag. This was a status and power differentiator. Management was issued with laptops which they lugged around with barely concealed pride. With time, laptops became affordable and accessible to most employees. Today management has a new differentiation tool – the smart-phone. If you are perched up there in the corporate ladder then you are issued with a company smart-phone.

These smart-phones are powered by Windows Mobile, Symbian, Apple and Blackberry operating systems. They are microcomputers in their own right and apart from being status symbols, they are useful business tools. These phones, for example, have data capacities of 2 gigabytes, meaning they can store over 2,500 emails and/or 3,500 medium-sized documents.

Their ubiquitous multi-functionality means top managers and business-people use these devices for commerce. They access company e-mails and applications on the go.

This raises serious issues of data protection. A stolen or lost smart-phone would be a treasure trove for any hacker even if it only contained company e-mails. These devices are not only being targeted by your run-of-the-mill criminal but more worryingly by cyber criminals.

Implementing security measures like encryption is a popular security measure but has limited success. Encrypting data on most smart-phones takes a lot of processing power with the result that most users get frustrated with seeing busy hour-glass icons and eventually just switch off the encryption or ignore it altogether.

Despite these shortcomings organizations are advised to implement encryption in their company issued phones. This will not stop eavesdroppers (something that is becoming prevalent in Nairobi) but will impede the cyber criminal from obtaining useful data from your stolen device.

Another pertinent aspect of company phones, apart from security, is liability. Who is responsible for their loss, data and hardware? It is arguable that since it is company issued and the data on it is there by company assent, then it is the company that is liable. This includes the Board and the immediate ICT managers.

The company should put in place appropriate technical and organizational measures to protect corporate data in these smart-phones. One of these measures is to make it mandatory for all employees with these phones to encrypt the data and ensure encryption is always implemented.

Company issued smart-phones will increase in the near future especially due to privacy concerns and work separation needs. Encrypted data will therefore be commonplace in mobile devices because it is safe data and is hidden from industrial spies and hackers. This is the immediate available course of action organizations should adopt if they are to secure their systems from remote break-ins.

No comments: