Introduction
Mobile computing ensures that employees become flexible when carrying out their responsibilities in the business environment and in other places of work. It ensures that the employees are able to have unlimited access to information at any location and at any time (Helal 2002). The constant use of mobile security is reported to have enhanced productivity in the business world. The use of mobile computing comes along with increased vulnerabilities and security risks (IT 2011). Mobile computing can be termed as the access, storage, transportation and the processing of information that relates to the organisation by the employee who perhaps may be working from home or outside the office environment (Kamal 2007). It basically encompasses the remote access of information of the workplace by the use of mobile devices for instance i-pads, iPhones and laptops.
The personnel may opt to work in uncontrolled public locations like hotels, airports, airstrips and other public places. The use of mobile computing devices in such locations increases the chances of exposure to information risks. For successful mobile computing to be realized, additional security awareness should be ensured to the employee’s body. This will ensure that effective security is provided to the information that is accessed, stored or transferred via the internet. The risk of using mobile devices, wireless networks, portable storage devices and access controls has been increased by the constant application of mobile computing.
A robust security policy that offers guidelines in mobile computing is, therefore, a necessity. A robust security policy should provide guidelines on protection of sensitive information, working from home, the remote access of data, risk awareness, the storage devices, wireless networking, information accessibility management and malicious code prevention techniques (Beachy 2012).
The paper will discuss various areas which effective policies in the current business environment should touch on to ensure effective mobile computing. The paper will also discuss challenges that are faced by the employee in the event of trying to ensure the security of the information and data that they handle in their portable devices. Benefits of ensuring security of the information handled in the work environment will also be considered. This will enable appreciation of the need for of an effective security policy in the workplace environment while using the mobile devices. The paper will also aim to expound on the features of a policy that can be deemed suitable for use in the business environment, in terms of the objectives, scope and how it addresses the information risks in the organisation. The paper will conclude by offering recommendations to organisation concerning adoption of effective security policies of computing.
Aims of a Security Policy for Mobile Computing
A security policy for mobile computing should be able to aim at certain goals during its application. An effective policy should aim to improve the awareness of the workers on the safe mobile computing techniques and on information safety (Green 2013). It should also aim at minimizing instances of unauthorized access and misuse of information resources of the organisation (Green 2013). Finally, it should ensure the reduction of cases of theft of loss of the mobile devices used for mobile computing.
Significance of Information Security
The primary goal of information security should be the protection of the information resources. This may involve the practice of safe behaviors of computing so as to minimize cases of theft and misuse of the organization’s information (Solms 1998). Serious consequences may arise when the security of information is breached or when information loss has occurred. The gravity of the matter may vary subject to the extent of sensitivity of the data whose security has been breached. The consequences may include the following among others. Personal information may be disclosed to wrong people. The ability of the organisation to deliver its services effectively can be interrupted especially when information is lost. The organisation may also incur financial losses in the event of fixing the problem so as to normalize their operations. The well-being and safety of the public may be threated especially when the information leaked touches on issues of security. The breach of information security can also lead to the loss of trust in the organisation or government. Implementation of a secure policy that prevent breach of security and loss or information of an organisation is, therefore, not an option but a mandatory initiative.
Challenges Facing Mobile Computing
The major concerns in mobile computing are the ability to ensure protection of stored information and the transmitted information by the users of portable devices. With the use of mobile computing, the risks of unauthorized access to information, destruction or modification of information and disclosure of information are increased (Vermeulen and Solms 2002). These concerns are intensified by several concerns. Usually, the personnel use unsecured networks that my expose them to vulnerabilities to their devices. The users do not usually encrypt their data hence modification, enclosure or deletion of sensitive information may occur. Unsecured mobile devices increase privacy and security risks to information resources and information. The size of the portable devices also facilitates their theft or loss. Most devices lack information systems that are automated. This increases vulnerability to viruses due to lack of automated updates. Lack of awareness of the surrounding by the personnel may also encourage social engineering methods like eavesdropping and shoulder surfing with the motive of gathering passwords. The usage of unapproved software and portable storage devices may also grant access to unauthorized users. Suitable and effective security policies should, therefore, be formulated to address the challenges and areas of concern mentioned above so as to ensure security of information while doing mobile computing.
Policies on Protection of Sensitive Information
Policies on protection of sensitive information while using portable devices, should provide directions on how the personnel can process, store and transmit information that is sensitive in nature (Rasheed 2012). Such policies aim at ensuring protection of information appropriately from disclosure or modification. New personnel should be able to sign policies and acknowledge their presence during the period of orientation. The policy should outline the levels of sensitivity of a given piece of information. An appropriate policy in this area should be characterized as follows. It should define the authorized persons to have access to certain information within and without the firm. The process of storage and transmission of sensitive information should be included in the policy. Systems to be used in the storage of sensitive information should be appropriately specified. It should be able to define how sensitive information is to be printed on insecure printers. Also, the transfer of sensitive information in the mobile devices should be subject to control by the policy system.
With effective implementation of policies on protection of sensitive information, the storage, transmission and the processing of information in mobile computing can be free from information security risks.
Security Policies on Working from Home
Information security challenges are generated by the idea of using mobile computing in working from home. Research depicts that most firms do not offer guidelines to their personnel who work from home. In Europe close to two third of the personnel current work from home (Graaff and Rietveld 2007). Only 18% of the organisations in Europe provide their personnel with guidelines on the type of electronic information that can be taken out of the office and those that cannot be transferred from the office. A formal security policy is required to govern this area that widely applies mobile computing. Policies that outline the kind of documents to carry home with the portable devices, handling of the mobile devices of work at home and the safe storage of the sensitive information within the home should be formulated.
Remote Access of Information
Mobile computing also involves the access of information by the workers in a given organisation by means of connection to a remote server. Remote access server runs on Remote Access and Routing. The users are authenticated by the administrator of the network. Various specialized guidelines should be followed if information security is to be realized while using remote servers in mobile computing (Peltier 2002).
The security policy on mobile computing should be able to address the following issues concerning Remote Access and Routing. It should outline on the persons who are authorized to enable, disable and configure Remote Access and Routing. This will ensure that accountability is maintained in handling the information resources. The method of authentication of the users or personnel in the network should also be stipulated by the policy. This will ensure that only the legitimate members of the firm have the authority to access the information of the organisation. The use of passwords should also be dictated by the policy. The level of strength of the passwords should be taken into consideration. This will ensure that hackers do not have an easy time in hacking employee’s accounts. The policy should also stipulate the mode of restriction of the remote access. It should specify whether restriction should be done to the network of the organisation alone or to specific groups of users. The times of access information should also be stipulated by the policy. This has the benefit of guaranteeing the convenience in accessing information by the authorized users at the right time as required by the organisation. This may prevent leakage of sensitive information to the wrong hands or damage of the online information resources.
Information Security Awareness Policies
Elaborate policies should be developed to address the level of awareness of the personnel in the process of mobile computing. The human element is usually the most challenging threat in mobile computing security. Their knowledge of the basic information security tips will serve to boost the protection of the organization’s information and information reserves (Wood 1997). It ensures reduction of the risk associated with information security. The employees will, therefore, become more careful while handling data using their portable mobile devices. Security policies that boost the awareness of the workers are, therefore, encouraged. An effective policy should aim at ensuring that the employee receives the right training on information security when using mobile devices. It should ensure that the employees sign information security documents during the orientation period. It should stipulate the modes of evaluation of the knowledge of the employees on the security tips and should also ensure that the employees embrace the underlying policy guidelines concerning information security as a whole.
Policies on Portable Storage Devices
Mobile computing cannot be done effectively without the use of portable storage device. These are devices that are usually used to lift data from various sources to different destinations. They include flash disks and removable hard disks. Security policy guideline should recommend effective practices when using these devices. Storage devices that are used in the transportation of sensitive information should be encrypted using a password. This will ensure that unauthorized access to the information stored is barred. The portable computing devices that are used to store sensitive information must also be protected with passwords. The passwords will ensure that information is not lifted from the devices without the knowledge of the owner of the device.
Policies on Wireless Networking
Recommendations
Organisations and business firms should consider adoption of appropriate security policy regarding mobile computing (Bacik 2008). The employees should ensure that while they are using remote computing, the appropriate information security measures proposed by the management are adhered to. This is because the mobile computing facilities are exposed to more risks which must be addressed by a suitable security practice and measure. The organisation should also ensure that the security measure adopted is in line with the risk addressed (Zhang 2012). Evaluation of the security policies on mobile computing should also be done to ensure that the current policies can be able to combat the risks that the mobile computing is exposed to (Orlowski 1997).
Conclusion
Mobile computing is becoming rampant with the introduction of the work from home policy. The use of portable devices has hence been enhanced. However, this positive phenomenon is accompanied by the risk of exposure to the insecurity of information. The adoption of appropriate and effective security policy that can combat the threat of insecurity to information management is, therefore, becoming a necessity. Hence the organisation should, evaluate her mobile computing policies appropriately to be able to match the increasing risks that are dynamic in nature.
References
Vermeulen, C., & Solms, R. V. (2002). The Information Security Management Toolbox – Taking The Pain Out Of Security Management. Information Management & Computer Security, 10(3), 119-125.
Bacik, S. (2008). Building an effective information security policy architecture. Boca Raton: CRC Press.
Beachy, R. (2012). End user information security policy template. S.l.: BrainMass Inc..
Doddrell, G. R. (1995). Information security and the Internet. Information Management & Computer Security, 3(4), 15-19.
Graaff, T. D., & Rietveld, P. (2007). Substitution between working at home and out-of-home: The role of ICT and commuting costs. Transportation Research Part A: Policy and Practice, 41(2), 142-160.
Green, H. (2013, February 1). Strategies for Safeguarding Security of Mobile Computing: Hospitals Can Gain a Competitive Edge by Responding Strategically to the Rapid Proliferation of Mobile Devices in Health Care, with Security Being an Intrinsic Part of Their Strategy. Healthcare Financial Management, 10, 10-13.
Helal, A. A. (2002). Anytime, anywhere computing mobile computing concepts and technology. New York: Kluwer Academic.
IT, B. T. (2011). Mobile computing securing your workforce.. Swindon: British Informatics Society.
Kamal, R. (2007). Mobile computing. New Delhi: Oxford University Press.
Kogan, I. (2007). Working through barriers host country institutions and immigrant labour market performance in Europe. Dordrecht: Springer.
Mobile computing and networking 2001: proceedings of the Seventh Annual International Conference on Mobile Computing and Networking, July 16-21, 2001, Rome, Italy. (2001). New York, N.Y.: Association for Computing Machinery.
Orlowski, S. (1997). Government initiatives in information technology security. Information Management & Computer Security, 5(3), 111-118.
Patent Application Titled "Systems and Methods for Enforcing Security in Mobile Computing" Published Online. (2013, August 1). Computer Weekly News, 60, 2-12.
Peltier, T. R. (2002). Remote Access Security Issues. Information Systems Security, 10(6), 31-36.
Rasheed, H. (2012). Data Sharing for Context-Sensitive Access Control Policy Evaluation and Enforcement. International Journal of Computer Network and Information Security, 4(11), 11-20.
Solms, R. V. (1998). Information security management (1): why information security is so important. Information Management & Computer Security, 6(4), 174-177.
Venkatraman, N., Tanriverdi, H., Stokke, P., Davenport, T., Sproull, L., & Storck, J. (1999). Is it working? Working from home at Statoil, Norway. European Management Journal, 17(5), 513-528.
Wood, C. C. (1997). Policies alone do not constitute a sufficient awareness effort. Computer Fraud & Security, 1997(12), 14-19.
Zhang, Y. (2012). Future computing, communication, control and management (2012. ed.). Berlin, Heidelberg: Springer.