Security pertaining to personal mobile phones.

[Chirag@LA]

I work with a newly set software firm which has luckily got some projects and I have been handed over the charge of data security in my firm and it is my undisputable responsibility to take care of the data and make sure it is extremely safe. The data basically belongs to clients and we have signed non-disclosures with clients. Even if we wouldn’t have signed. It is our responsibility to take care of the data that clients have handed over with utmost confidence. Now data being the most basic asset of companies these days, it is giving me goose bumps even when I imagine any of the sensitive data going in to wrong hands. It will ruin our client and us at the same time. I have successfully introduced number of adherences and all and it is all working fine accept for the fact that I am confused about controlling the use of mobile phones. Is it needed? If yes, How do I go about it now? Any suggestions or ideas for that?

[Zared]

It is definitely needed. I can say that without the slightest of doubts. When a client provides you with his most crucial, sensitive and vital data with something called trust it is your sole and primary responsibility to keep it safe and to keep it with you only. Any violation of this data can cause great loss to the client and it is not at all ethical at our end. In especially a software firm, we need to take special care of incoming and outgoing data and with mobile phones intruding into the security issue it makes it worse for us. The following security breach can happen because of cell phones:

- Discipline disturbance: people tend to forget where they are sitting and what they are doing when cell phones are used. Ringing cell phone in an extremely serious environment may cause other workers to get irritated and avoid concentrating on work. It is a serious issue these days not just in offices but everywhere from churches to hospitals and it turns out to be very irritating then
- Illegal outgoing data: Data can be easily captured in a cell phone, using a USB cord or Bluetooth connection and this might easily lead to transfer of data to external world.
- Virus attacks: A Cell phone if attempted to connect with a system or database might cause very serious issue in case the cell is infected or so and lead to severe virus attacks on the database
- Intercommunications: If there is any plotting between the employees during work hour, cell phone is the best, untapped way of medium for them and may prove out to be very dangerous.

I would recommend a complete cell phone ban or installation of a cell phone jammer in your office. This should save your data to it’s best

[Jugo]

I do agree to most of the things very correctly stated by you but then it is not always recommended to use cell phone banning system since cell phones are these days very close to people and it might be certain calls might be extremely important to them on missing out of which you might be guilty of some great loss happening to that individual. Let me list down some reasons why I don’t think banning cell phones completely should an option worth considering. Do pay consideration to it before making any decision:

• Emergency calls: there might be emergency calls coming to people from their friends or family which might be as urgent as some one’s accident where in this individuals presence might have created a difference. It might be news of death or birth and imagine the level of personal life impeachment you are doing to them.
• A refreshment source: you actually think and expect your work force to sit at a place and work for hours together? Can you do that? No, right? Don’t expect others to do that either.
• Emotional reasons: Imagine your pregnant wife wanting to throw tantrums as this is the only time in her life that you’ll find it cute and you are kept away from the only source of communication

The reasons are many more like this. What I would suggest is to consider these points too while deciding on a proper solution to your problem. I understand your concern but I think you cannot do anything better than creating a perfect cell phone usage policy instead of banning it where in above mentioned points are a part of criteria in your head. Just 1 question, what are you trying to run a firm or a school or jail? Ask this to yourself and your fellow security in charges when you sit to frame a security policy related to cellphones

[Chirag@LA]

I totally agree to what both of you all said. A complete cell phone ban was in my head till I read the last post but what then? What can I do then? What policies can I implement? How can I possibly eliminate the chances of both security breach and personal life impeachment at the same time? Security is my main concern not being a selfish brat of course.

[Jugo]

I would be glad to help you through this. I appreciate the fact that you do consider your employees too, but that shouldn’t be in your worry list, I tell you. If they are joining a software firm they need to know the importance of data and all. So I guess you should be more concerned about the data. I would recommend you to consider any of the following security policies to be implemented.

 2 min every hour system: you can implement a two minutes to 5 minutes break every hour reducing it from the main break hour and call it a phone break where in they can use cell phones outside the floor
 No obligation off-floor: this is a more convenient solution where in they can use the phone for as much time they want and as much times they wish to but without affecting the performance. If your company follows target then this would be a great option. Work whenever you want but achieve target should be your motto
 Phone confiscation: You can keep the phone at the security desk and implement a system where in the individual will be alarmed when the phone rings and he can use the phone if he feels it is urgent off-floor obviously without the slightest effect on the performance and the output expected or assigned to the individual
 No multimedia phones: Ban multimedia phones completely. Do not let them use phones which have sound recording, camera, video camera, USB or internet features. This should definitely be implemented this is better than a complete phone ban on the floor. Let them carry this phone on floor without any of these features
 Phone jammer: the next big thing in the security industry where cell phones networks are jammed and they cannot use the cell phone even if they carry. But in your case I doubt if this will help because your concern may be cell phones being able to capture and carry data. You are also this friendly ‘you-get-your-space’ kind of boss.

[Chirag@LA]

I think this was an excellent and the most perfect suggestion I could ever get and imagine of getting. I have selected a few implementations from your suggestions. By the way, was the ‘you-get-your-space’ any kind of taunt to me? Anyways, your idea of 2-5 min phone break sounds fine to me but don’t you think the time they’ll take to move out and then resettle would be far more than what we are calculating? Also, some of our employees do work on target basis but most of them are these hourly basis individuals who pack their bag as soon as the clock ticks their shift end. No multimedia phones is also cool but I cannot expect them to use 2 phones right and to design a policy line between a multimedia and non-multimedia hone is very difficult these days. Jammer is definitely out of my list as it serves no purpose to me. I find the security desk alarm as an apt option that I can possibly implement without much pain. It’s just a matter of a small investment but I am fine with it.