Mobile devices and cloud computing have given construction company owners and employees the ability to be more productive than ever by providing access to the information they need, when they need it, to effectively manage their projects. The flip side of that convenience is that if a mobile device ends up in the wrong hands, someone outside of your company could also have access to anytime, anywhere access to mission-critical information and sensitive financial data.
As owner, it is important that you make sure your construction company has a strategy in place to guard against this type of risk. One of the first things you will want to consider when developing your mobile security policy is “who owns the device?”.
According to the Sage 2013 Construction Industry Technology Trends survey, 47% of construction firms allow employees to use their own devices for work purposes. This is sometime referred to as B.Y.O.D. or bring your own device. This approach lets employees leverage the benefits of mobile computing while saving the construction firm money on device hardware.
Whether or not you adopt a B.Y.O.D. approach to mobility, it is important to have security policies in place to help prevent unauthorized access to your information systems. Here are some of the topics you should consider when creating your mobile security policy:
- For starters, consider applying existing security policies to mobile devices (such as password length).
- Share your intention to publish a more formal policy at a later date.
- Involve your employees in developing your policies. Gain an understanding of how they use their devices so you can develop and implement policies that reduce risk without being overly restrictive, Overly restrictive policies tend to non-compliance and low moral.
- Create a list of approved technologies. Consider creating a list of acceptable devices and apps to help ensure employees only use technology and apps from trusted providers.
- Develop a security plan. Take into consideration important practices such as data wiping, password standards, and employee access levels.
- Publish your policy. As with all company policies, communication is key. Establish appropriate security controls, clearly explain the expectations to employees, define company rights, outline expense reimbursement, and communicate what technical support the company will provide.
- Enforce your security policies. Like any guidelines, without enforcement, employees will view your mobile security policy as optional (especially in a BYOD environment).
If you would like help creating your mobile security policy, or would like to discuss the best practices that other construction companies are adopting, feel free to contact us.