Policy for Mobile Phone Use - Assignment Example

Policy for Mobile Phone Use at Smith Kendon This is a mobile security policy outlining the proper use of company mobile phones. This policy covers how to handle the company phones safely and minimize risks of threats. This policy pertains to both the Windows Mobile and Blackberry Smart Phones. Along with explaining the risks of the threats that exist for mobile smart phones, this policy also outlines how such threats can be minimized, so the mobile phones can remain protected. Company Mobile Phones. These company mobile phones are designed for the convenience of employees to access necessary information, such as prices and product information, quickly and easily. These phones are not to be taken off the premises; they are to remain on company property at all times, unless you are given authorization to do otherwise. The company mobile phones that will be supplied are Windows mobile Smart Phones and Blackberries. You have the choice to decide which you will use. When a phone is issued to you that is the phone that you will keep. When leaving at the end of the day, you will return the phone to your locker and use it again when you return to work the following day. Company Security. While mobile smart phones are an innovative tool, we must remember that they can be hacked because they are designed similar to computers (Svensson). Because of this, confidential company information, such as account numbers and the like, is not to be shared on these phones via data usage. It is perfectly fine to give such information over the phone, as it may become necessary; however, sending and receiving it via data is strictly prohibited. Personal Use of Company Mobile Phones. Company mobile phones are not to be used for personal use in any way, shape, or form. They are for company communications only. We mandate this to keep the risks of infected software, such as virus and spyware finding their way onto the phone, via text message and downloads, to a minimum. The following is considered to be personal use of the mobile devices: Calling friends or making other personal calls outside of company communications. Downloading pictures, music, ring tones, software, and other media. Taking pictures or using the camcorders. Sending text messages other than for company communications. Surfing the Internet. Going on social network sites. Loading pictures and software onto the phone via an SD card or other storage device. If you wish to engage in personal use of a phone on the job, you may use your own mobile device on breaks and during lunch. You are not to deal with anything personal while on the clock. Furthermore, we are not responsible for the protection or security of your personal mobile devices. You use them at your own risk. Security Measures that are to be taken. Aside from observing the rules about personal usage, it is important that all of the security measures are strictly followed. If these security measures are not adhered to, then the mobile phones will be at risk. The security measures that are to be adhered to in regards to the mobile smart phones are as follows: Blue tooth is not to be used at any time. If the blue tooth is active even a small bit, this leaves the phone open to all sorts of threats and attacks, as there are many weaknesses in the security of blue tooth. In addition, viruses and other malicious software can jump onto the mobiles via the blue tooth connection (Jakobsson, and lucent). This is the reason that we ask the blue tooth to remain off at all times. If text messages are sent to you, and you do not know who they are from, you are not to open these messages. Text messages are another way that infections can find their way onto mobile smart phones. They can infect immediately upon the messages being opened, if the software is written in such a way (Vamosi). Do not open any unknown emails. This means emails that are from outside the company. Emails can spread viruses and other malicious software to the phones (Vamosi). Do not plug the phones up to any computer systems. Hooking these phones into the network will expose them to even more dangers because as the phones are able to do more things, they are more capable of being hacked, since they now possess computer capability (Stone). Stay off the Internet. The Internet is crawling with viruses and malicious software that is just waiting to infect the smart phones (BBC). The best way to protect these phones is to stay off of the Internet entirely. The Internet is not needed to check product information, pricing, and to communication within the company. All of the information that will be needed can be accessed through the database. Your phones are programmed to be in line with our database. You will be able to log on without having to go out onto the Internet, which is a territory for all sorts of unknown threats that may lurk about. Do not load any personal effects onto the phones via an SD card or from any other device. Your content may carry some sort of infection without your knowledge, and such an infection can travel onto the phones and completely destroy them. Not to mention, engaging in such behavior is against the personal use policy, as it pertains to company mobile phones. Viruses and Other Malicious Software. All smart phones are subject to viruses, no matter the type. Even Blackberries are subject to be infected with viruses. Just because Blackberries run on a different operating system does not mean that they are exempt from infections from viruses and other malicious software. Blackberries can become infected in all of the same ways that Windows Mobile phones can become infected (Oregon State University; Research in Motion UK Limited). Knowing that all smart phones are subject to infections, we have installed virus protection software on these phones. The virus protection software runs in the background, working hard to keep viruses and other threats from sabotaging the phones. These programs run similarly to the virus protection software that runs on computer systems, as mobile smart phones are just like minicomputers (IT Pro). Because we have protection software installed on all mobile smart phones, we expect you to cooperate with us to see to it that the software is working effectively and efficiently by doing the following: Scan for viruses regularly. Make sure the software is always updated. If there are any problems with the software, contact an IT personnel immediately for help. Do not delay in doing this because every minute that the protection software is not working properly to protect the phone, that is every minute that the phone is at risk for attack (Stone). You are responsible for scanning your phone for harmful software on a regular basis. It is recommended that you scan it at the end of every work week. Do not; under any circumstances remove the protection software from the phones. Doing so will result in disciplinary action. You will want to refer to our policy often, as guidelines can change without notice. We will make amending and deletions to our policy as new issues arise. Essay Because mobile smart phones are a target for viruses, a security policy has been set in place to insure that the phones are exposed to as minimal risk as possible. This policy is not only in place to see to it that the phones remain free from threats that are imposed by malicious software and viruses, this policy is also in place to see to it that company information does not fall into the wrong hands. If a hacker really wants to, he can get his hands on whatever data he feels necessary to institute is plans, compromising the security of his victims (Svensson). If hackers feel the desire, they can easily do the same to the company and exploit any information that they see fit. So, the policy is outlined what is acceptable and not acceptable, as far as it pertains to use of the mobile phone and company affairs, as setting such guidelines is important not only for the security of the company but also for the employees (Avolio; LexisNexis, a division of Reed Elsevier Inc.). As far as legitimate use of the phone is concerned, the policy outlines this clearly. The policy lets employees know that the mobile phones that are provided to them are to be used for company affairs only. NO personal phone calls are to be made on these phones and either is other personal activity, such as sending and receiving text messages, sending and receiving email, and using any other data, accept to communicate with others in the company. When the workday is over, employees are to return their assigned phones to their lockers, and they can pick them up upon returning to work the next day. This is to insure that phones are not taken home, and nothing is done on them that will be against company policy. As far as parts of the policy that need to be reviewed in the short term, there are a few areas that are weak and that employees may be able to find a way around. For one, even though employees know that they are not allowed to take their phones home, some may sneak and do this anyway. The only way to insure that this does not happen is that some monitoring system will need to be in place to insure that all phones return to the lockers where they belong and do not leave the building with the employees at the end of the day. Another area of the policy that is weak is that it will be difficult to track whether or not the employees follow directions as far as hooking phones to computers is concerned. While we will be able to monitor some of the activity, it will be difficult to see to it that employees do not sneak and plug their phones into computers, due to there not being any restrictions on staff-staff are allowed to come and go as they please and do not have to report to reception. Aside from those couple of weaknesses, the company's security policy is clearly written, enough so that employees will understand exactly what is expected of them. Of course, if they do not understand something, the policy invites them to ask questions. If the policy is strictly adhered to, the phones will remain secure, costing the company less money for new equipment if the current equipment is destroyed by a virus or malicious software, which is capable of destroying the entire operating system of the phone (Stone). Work Cited Avolio, Frederick M. "PRODUCING YOUR NETWORK SECURITY POLICY." Avolio Consulting. N.p., July 2007. Web. 20 Jan. 2010. . This site gives a common sense approach to writing a policy of any kind. This source is better than all of the other sources on the Internet because it breaks things down and explains very clearly how to write a company policy. BBC News. "Cybercriminals revive old scams to target smartphones." News.bbc.co.uk. Ed. BBC News. BBC News, n.d. Web. 20 Jan. 2010. . This site talks about how criminals are capable of completely destroying a smart phone. This site is better than any that could be found on the web because while there were other resources that covered the subject, they were not as detailed as this one. Not to mention, this one is a very authoritative resource because it is a news article informing the public. IT Pro. "Do smartphones need security software." IT Pro. N.p., n.d. Web. 20 Jan. 2010. . This talks about why it is important for smart phones to have security software on them. This site is better than all of the rest because it is one of the only ones that could be found that had proper credentials, and it explained everything in great detail. Jakobsson, Markus, and Susanne Lucent. "Security Weaknesses in Blue Tooth." Lucent Technologies - Bell Labs. Information Sciences Research Center, n.d. Web. 20 Jan. 2010. . This is an article that discusses the weaknesses of the security in blue tooth. This article is the most authoritative of the sources that were found, being that it is published by a science lab, and it is written by experts in the telecommunication field. LexisNexis, a division of Reed Elsevier Inc. "Why You Need an Employee Policy for Electronic Information." Martindale.com. N.p., 2009. Web. 20 Jan. 2010. . This document demonstrates how to properly write a company security policy. While it is not as clear and in depth as the above source, it shows us the layout of a written policy, whereas the other source does not. This website provided an example policy for a law firm, it can apply in this case, as the document here is just an example as to how one is written. This source is better than all of the others on the web because it shows a clear layout of a company. Oregon State University. "Information on Blackberry -- Virus Diseases, An Online Guide to Plant Disease Control." Oregon State University. N.p., 1 Jan. 2009. Web. 20 Jan. 2010. . This is a very in depth guide on how one can protect the Blackberry. This is the best site on the net for the topic for a number of reasons. For one, out of all of the materials on the subject, this one had the best credentials, as it was written and maintained by a University. Secondly, the site provided the most information on the subject, as others sources were either too broad or did not have enough information. Research in Motion UK Limited. "BlackBerry Internet Service-Security Feature Overview--787371-0826030100-001-2.8." Blackberry.com. N.p., n.d. Web. 20 Jan. 2010. . This is a source that talks about security as it pertains to Blackberry smart phones. This is the absolute best source on the topic, since it came from the Blackberry site itself. Svensson, Peter. "Guide To Breaking Cell Phone Security REVEALED." Huffington Post. N.p., 30 Dec. 2009. Web. 20 Jan. 2010. . This source tells how criminals crack mobile phone security, putting users at risk. This is the best sources compared to others because the article was not only a news source, experts were cited. Stone, Brad. "As Phones Do More, They Become Targets of Hacking." New York Times. N.p., 21 Dec. 2009. Web. 27 Jan. 2010. . This article explains how hackers are able to hack into smart phones. This is the best article on the web because this is the only source that has the necessary information needed for the topic. There were articles on the subject, but most of the articles lacked proper credentials, which are important in research. Vamosi, Robert. "Security Watch: Your smart phone has a dumb virus." CNet.com. N.p., 2010. Web. 27 Jan. 2010. . This site tells how viruses can find their way onto smart phones, and it also talks about the signs of a virus. This site is better than all of the others on the web because it explains everything in great detail, and CNet is an authoritative technical source. Read More