Email has become a critical part of business communications. As such, employees are expected to respond to email in real time, all hours of the day. The most convenient way to implement that is to setup their work email on the personal mobile device so it is right there when they need it. The question them becomes, who own the information on that device and do I have to worry about it falling into the wrong hands?
The answer to the question about ownership and responsibility should be clearly outlined in the company’s acceptable use policy (AUP) if they are allowing employees to access the business data from their own devices. The section of the policy would be referred to as BYOD (bring your own device). Aside from having a policy, it needs to be understood and signed off by all employees, but also implemented with fail safes in place in the event of a lost or breached device.
You can protect your data with a mobile device management (MDM) solution which would allow everything from the segregation of the personal data from the work data, to a remote wipe of the device in the event that it was lost. This can be a controversial concept for an employee who also has their personal information, pictures, contacts, etc. on the device as a wipe of the device would destroy all of that as well. This is why ensuring that people understand the responsibility they take when adding a work email account to their personal mobile device is critical.
Ultimately, you should be concerned about all of the places where you allow company data to reside as a breach of any of those areas could cause the company damage in both financial terms as well as reputation and business survival.
Michael Giuffrida is an experienced business leader who has been advising and growing businesses since 1997 in the areas of information technology and and managed security services.