Regular readers of this blog will know that I spend a good deal of time focusing on managing mobile device data security in healthcare information technology, and the impacts of how breaches ultimately affect patients.
As such, I’m developing a strong interest in BYOD and the policies that need to be set in place to protect the information that all of us as consumers, myself included, hope remains safe.
So, I came across a piece recently by SecurEdge Networks that I think resonates, offering some of the best tips for managing mobile device data in the healthcare environment.
Though it’s a top 10 list, I’ll focus on what I think are some of the most important points. Feel free to let me know if you agree, or if you have other tips worthy of the list.
According to SecurEdge Networks, number one on the list is basic security. It’s a must. Basic security typically comes down to simple use of strong passwords. In addition, staff members must be required to change their password after a certain amount of time, and a system must automatically lock after a certain period of inactivity.
Containerization of data, specifically on mobile devices, allows for the separation of personal and professional data. Setting up containers allows a personal device to be used in the workplace while protecting all of the company’s data in a secure container that can be wiped in the case of a lost or stolen device.
Next, limit which apps can be downloaded to a mobile device used in the workplace. There are tools available that completely block installation of outside apps on corporate and personal mobile devices, helping reduce the exposure to viruses or malware. According to SecurEdge Networks, “Having a corporate app store that has only pre-screened apps for the platform included is an effective tool for securing mobile devices that are used to access confidential information.”
Next up, one of the most basic steps one can take in a BYOD environment is to ensure that basic security software is installed. “Anti-virus and anti-malware programs should be installed and software firewalls should be put in place for each device,” says SecurEdge Networks.
Finally, what may be the most important tool available to practices and hospitals engaging in a BYOD program is remote wiping. If a device is lost or stolen, having the capability to remotely wipe the device is essential. Some companies even go so far as remotely wiping any data on the corporate side of the device when it leaves a set geographical area. Since the data isn’t stored on the mobile device, this is an easier process. Personal data can also be wiped, which is attractive to employees who may have some initial resistance to having their devices accessed by their employer.
As noted by SecurEdge, employees who are allowed to use their personal devices in the workplace are often happier, more productive and always on. “Allowing employees to bring in their own devices can be an effective policy, boosting productivity and reducing operating costs.”
On this subject, there’s more to come; stay tuned.