Mobile devices are a fact of life in today's CRM. Your people are using everything from smartphones to laptops to access your information and do business.
While this is a huge win for superior performance, it is also potentially a huge loss for security. Mobile CRM multiplies the attack surface and attack methods for your business. If you don't do everything possible to protect yourself it is all too easy to face a major data breach.
The problem is complicated if your company has a BYOD policy. Your users may love it because it is more convenient to work with the devices they know, but BYOD opens a raft of security and legal pitfalls that you have to navigate.
Here are some of the steps you need to protect your business from the hazards of data theft.
The first thing to do is to encrypt all your data on mobile devices. Choose a strong encryption product so that even if the device is stolen, the data won't be available to the thief.
There are many good programs on the market to encrypt the data on your mobile devices. You want to encrypt the data at the level of files and folders.
Password protection is well-nigh universal. Effective password protection is another matter.
The fact is that a lot of password protection is just about useless because the password feature isn't backed up by effective password policies.
It's not enough to have passwords on your mobile devices. You need strong passwords that are changed at frequent intervals. A strong password is at least 8 characters long and consists of a mixture of upper and lower case letters, numbers, and punctuation marks. It should be changed at least once a month.
Make sure to avoid obvious passwords like your birthday, your names or other easy to guess items. And make sure your people observe the rules.
A good password policy is something of a pain to implement, but losing data is an even bigger pain.
You can also get geo-locating software that will allow you to locate a mobile device remotely when the device logs onto the network. In some cases, the program in combination with a GPS feature will locate the device down to the street address.
Make sure you have the ability to wipe files from mobile devices if they are stolen or lost. This is the nuclear option in data security. Wiping everything on the computer renders the information inaccessible to any but the most sophisticated cracker.
There are a number of programs out there you can install on laptops and other mobile devices that will allow you to remotely wipe a device's drive if it goes astray.
This is an area that poses challenges in companies with BYOD policies. While your company owns the data it doesn't own the BYOD computer and this makes modifying the data legally dicey.
You need to establish firm and well-understood policies about what you can do to computers and devices you don't own, including what data belongs to who.