Traditionally, the IT staff or outsourced IT provider of any small business has been in command and control of the technology choices that are developed for the business. Careful selection and implementation of hardware, software and critical business systems is paramount to maintaining security, business continuity and information protection. Today, however, consumers often have better, faster, or more productive technology than the average small business. This presents an interesting dilemma for the business entrenched in a tough economy, which can now trade the umbrella of control for increased productivity.

Consumer devices continually become available that would traditionally be handled by the IT experts. Once high-end devices affordable only to businesses are now lower in cost, simpler to use, and owned by individual consumers. However, sometimes a little availability can be dangerous. The underlying reasons for not allowing a device onto your network may be lost in the anticipation of the increased productivity.

For example, a worker’s personal smart phone may give him the ability to answer e-mails on the run, while this technology may have been considered by the business decision-makers to be too risky or expensive to deploy company-wide. When making this decision about whether to relinquish control, the business leaders of the organization must consider the risk factors. Let’s say, for continuing the example, that the aforementioned business is a mortgage company, and the user of the smart phone receives confidential e-mail referencing the personal financial information of his customers. What is the risk if the smart phone were to be lost or stolen? Is the device handled with proper security methodology in order to prevent a data breach?

Personal laptop computers and netbooks are wildly popular and more and more workers wish to use them for working on business projects, connecting with business services and checking and keeping e-mail, contacts and other data. Not all businesses can afford to issue netbooks to its staff. Some employees will go so far as to bring in and install their own wireless access points off the company network to use their own laptop computer. All of this presents security risks, not only for data protection, but for controlling access by outsiders to your business network.

Very common is the case of the home-worker. In years past, it was not only most likely the office workstation would provide the best productivity, but it was the only workstation available that could run whatever business productivity software was in use at the time. However, today it’s not uncommon for a home computer to be newer and faster than the machine the worker has on his desktop in the office, and he has a business productivity suite, like Microsoft Office, that equals the one in the office.

Once the business has allowed its data to be taken off of its own network, all control is lost. Of course, technology is available to make remote workstations safer and more secure to a business. The deployment of Virtual Private Networks (VPN) has greatly increased over the years to accommodate the growing number of home workers. A VPN is a secure Internet connection to a remote location, where the remote user has access to the Local Area Network (LAN) as if they are right there in the same physical location. There are still issues of data use control that can’t be resolved even with a secure connection. The employee must be trusted.

Not all businesses are safeguarding personal information, and not all business need complete control over the devices used by the employees. The approach that many organizations could take is one that allows for opportunistic advantage. Embrace the idea that some of these devices may improve productivity, and then decidedly take control of their usage. Simply issue a list of approved devices to the employees. Before creating the list, examine the risk factors of the various hardware and software that workers wish to bring in to enhance their productivity and user experience. Does it pose a security risk? Will it jeopardize data integrity? Does is compromise any regulatory compliance guidelines? Only choose the devices or software that would be approved and could be controlled by your IT staff or provider.

Make the list of approved devices available to the employees, along with policies for registration and use. If you currently have devices in use in your organization that you are unsure about, consult an IT expert like Centrend.

- Bill
 
***
Bill Bowman
Senior Technology Advisor
Centrend, Inc.
508-347-9550 x135