Most companies have a desktop computer usage policy in place, but with many workers using mobile computers, forward-thinking organisations have already developed a similar policy for mobile device usage.
Companies should use this policy to make users aware that security is important on their mobile devices and to raise awareness that they have sensitive company data on their devices.
John Engels, principal product manager of enterprise mobility at Symantec, suggests that any usage policy should include some basic rules.
“They should ensure people are keeping passwords safe, that they are using VPN if it’s configured for company business, that they do not leave the phone lying around, that they contact the corporation immediately if their device is lost, and that they are responsible for using the right applications for work correctly.”
But every organisation will also have its own specific needs. Here are some of the topics that might be covered in a company-wide policy.
1 Cameras in sensitive locations:
Some organisations want to prevent pictures being taken at certain sites.
If there are proprietary procedures or equipment that allow your company to produce the best widgets in the world, you won’t want people to walk in and take pictures.
To protect against this you can include a statement such as the following, restricting people from bringing camera-equipped mobile devices into those areas:
To protect sensitive information, company security reserves the right to sequester mobile computing devices including smartphones upon entry into research and development centres. All such devices will be returned upon departure.
2 Recording meetings:
If you want to avoid the recording of meetings, include the following:
Making audio recordings of meetings is forbidden in all cases, unless an audible approval from each participant is recorded at the beginning. Employees found using mobile devices in violation of this rule will have their mobile device privileges revoked.
3 Personal phone calls:
One way to keep costs down is to prevent users from making international phone calls. To make this rule clear, you might included a statement like this: