Assessing the Risks of Employees Using Tablet Computers
November 21, 2011
Tablet computers have dramatically changed the way people work. Though tablet computers can be extremely convenient, many companies have not yet assessed the potential risks associated with having their employees use these devices. Unlike traditional laptop computers, tablets do not have the same security features, and may be vulnerable to attack. It is important for employers to stay current with new technology that can help your organization run more effectively, while at the same time assess the risks and take steps to ensure that you are not compromising the security of your organization.
Some considerations include:
Buying Tablet Computers for Employees
Depending on the size and the role of computers in your business, it might make sense to buy tablets for your employees to avoid having to enforce corporate policies for employees who use their personal devices to conduct business. If an employee with a device leaves the company, steps should be taken to ensure any important data left on the device is completely removed.
Computer Use Policies
If your company has a computer use policy, ensure that it can be applied to tablet computers. In the event that a device is lost of stolen it is important for the device to have standard security, such as password protection, enabled. Employees should only be allowed to use company approved applications, such as ones that exist for the iPad, for company related business. Have your company's IT staff periodically check that there are no viruses or unauthorized applications being used on the tablets.
Data Retention Policies
If your company is ever involved in litigation, it is very possible that you will be required to provide electronic and paper documentation. Rule 34 of the Federal Rules of Civil Procedure covers tablet computers. Therefore, it is important that tablet-related data is being stored effectively and can be accessed if it is needed, and such data should be covered in your company's data retention policies. Therefore, consider forcing all e-mails to be routed through your company server so you can archive messages. This will limit information leakage, make it harder for employees to steal data through personal e-mail accounts, and limit the probability of virus transmission to company networks. It is also a good idea to consult your attorney on best practices in data retention and management.