Mobile security and privacy are two different aspects that concern IT companies and employers equally. There is a fine line between the two. It is important for any IT company to securely manage the mobile devices of its employees, but at the same time it should be careful not to overstep boundaries.
All corporates rely on Enterprise Mobility Management (EMM) because of privacy concerns. They believe that they have a right to keep their data private and that employers should not get away with infringing the data or privacy of the company. Yet many employees complain that they are not made aware of such tactics and that their privacy is being compromised in the name of mobile security. This creates tension in any corporate and calls for a balance between the two. The first step in creating that balance is understanding the difference between mobile security and mobile privacy.
Let us see how companies as well as workers can ensure that the right security measures are implemented without compromising the mobile privacy of workers.
- Not tracking GPS locations of employees after work
There is absolutely no need to track the location of any employee after work, or even when he is not present in the office. This invades an employee’s privacy and can be of huge concern for him.
- Keeping work and personal information separate
Companies should always stick to measures that keep professional content separate from the employee’s personal content. Say an employee has a company mobile device. The device should be configured in such a way that it behaves as a purely user-owned personal device. Company emails and other data should be separated from the employee’s personal data. The company should not be able to see the worker’s personal information or modify it in any way.
- Flexible EMM approach
While many companies have a strict EMM policy, care should be taken to ensure that it does not invade the employee’s personal security. Even in the event of an employee leaving the company, there should be provision for remote wipe, but only of professional data.
- Limitations to the data collected
Whatever data is collected by the company should be thoroughly assessed. Employees have every right to know where that information is going. Companies are subject to regulatory measures for protecting Personally Identifiable Information (PII) and must comply with them. If a company collects, stores or uses an employee’s PII, it must do so in keeping with its legal or regulatory obligations.
- Employ Geofencing
Companies should consider geofencing, which applies their policies only within a defined geographical location or area. This way, location monitoring will not work outside the office premises. Certain trade-offs should be made. For instance, the healthcare facility of any company should be devoid of cameras. This is a core step in maintaining patient privacy.
- Educate Employees
Transparency in policies can go a long way in promoting a healthy work culture. No employee welcomes unfamiliar technologies, and that fear will act as a barrier to trusting the company’s motives. Employees must be educated about the benefits and privacy concerns of certain software or apps. They must be told what data is monitored and that it complies with PII requirements and reasonable security controls.
Striking a fine balance between mobile security and management can be a bit tricky at times. But it is imperative to understand the importance of both the privacy and the security of mobile devices. Privacy matters to an employee in the same way that security matters to a company. If corporates adopt transparent measures with employees and respect their privacy concerns, employees will be more accepting of their security measures.