MOBILE ERP THEFT: FIGHT THE ODDS
Consumer Reports gives a staggering figure for smart phone theft in 2012: 1.6 million units. At 4 ounces each, that means some 400,000 pounds or 200 tons of phones were stolen. Put another way, those stolen phones way as much as three M1 Abrams tanks… excluding each tank’s crew and of course the crew’s cell phones, which we have to assume have been stolen also.
Mobile ERP functionality is powerful, but stretches your company’s data into a public sphere where smart phones go missing every day. If you and your ERP consultant haven’t talked about basic corporate cell phone policies that reduce the risk of theft or data breaches, then now is the time. Here is a good foundation to get started:
1. Establish minimum security requirements of the phone. Whether a corporate or personal phone, if it’s going to have mobile functionality for your ERP system then it had better meet the minimum security specs set by you and your ERP consultant. Don’t let the failings of the phone itself become a failing of your security. Many mobile ERP enabled smart phones automatically require a password as soon as they are assigned to an employee.
2. Minimum password lengths and character requirements. The front door of every smart phone is the unlock code. If you have some antique brick that requires just hitting the “unlock” button, then you don’t need to be walking around with anyone’s information much less that of a business. Similarly, password security should be established to access any ERP functionality. Necessary for both of these issues is how long and what characters should be required for at each step. Yes, it may be your employee’s phone, but if he’s unwilling to protect your data with a few extra characters, then perhaps it’s his character that should be called into question.
3. Travel and Personnel Restrictions. The temptation to feel modern may drive some firms to hand out access to the ERP system beyond what is absolutely needed, but if we’ve learned nothing from James Bond it’s the importance of “need to know.” The first rule of containing information is limiting its access sensibly. The fewer phones with access, the fewer that can be stolen and added to that 1.6 million. Likewise, as many phones are stolen at vacation hot spots, it may be wise to disable access on an employee’s phone when that employee is on personal travel.
There’s 200 tons of smart phones stolen in a single year, but that doesn’t mean you can’t prepare for the worst while still enjoying the accessibility of mobile ERP functionality.
Join us in part 3 where we’ll discuss how mobile ERP security could improve to further allay our worst fears of smart phone theft.