How to tackle risks posed by tablets

The growing popularity and use of mobile devices, such as smartphones and tablets amongst Kenyan consumers, is creating a major challenge for chief information officers (CIOs) in Kenyan organisations.

Many consumers who purchased smartphones and tablets for personal use have realised that these devices can also be valuable for work.

As a result, it has led to an increase in employees - especially senior executives asking their CIOs to support mobile devices, including allowing these devices to access sensitive corporate network resources.

While employees are attracted by the convenience of mobile devices, most CIOs are finding it difficult to support and ensure the security of these devices since the organisations do not own or fully control them.

With the advancement in technology, most mobile devices have the capacity to store large amounts of corporate data and the capability to run robust applications.

This increases the risk of losing unprotected corporate data stored on these devices and likelihood of hackers attacking the corporate networks and systems since most of these devices don’t employ traditional security controls.

Currently, some organisations in Kenya have chosen to entirely prohibit the use of mobile devices for work. However, this approach is not a realistic long-term solution.

Kenyan businesses need to implement flexible mobile device management strategies to reduce risks posed by use of employee-owned devices at work. Such strategies should balance tradeoffs between employee productivity and data security.

To support such strategies, organisations must implement policies and technical controls to reduce risks while supporting appropriate use. Such policies should address legal, privacy and security requirements.

From a legal perspective, if an organisation allows their employees to use personal devices for work they need to understand the legal consequences of such a decision. Another consideration that employers should address is the privacy issues related to the use of personal devices.

To ensure the organisation can support the consumer owned devices, there is a need to limit the types of devices employees are allowed to connect to the corporate network.

Such an approach ensures the organisation is able to standardise devices and build the required capabilities to support such devices.

In terms of technical controls, there is a whole industry dedicated to corporate mobile device management (MDM) solutions.

It is also important to involve senior management and other employees in the process of developing device management policies and use this opportunity to educate them on the risks of using personal devices for work.

Such an approach will better prepare the organisation in dealing with this fast growing trend.