Developing a Mobile Policy that Your Personnel Will Actually Follow

By the DynaSis Team

With mobile devices presenting one of today’s biggest corporate threats (the biggest threat, according to one study), companies must make sure the mobile devices of their workforce are secure. Encouraging workers to follow mobile device policies and protocols, however, can be a real challenge.

This problem is endemic among Millennials—the up-and-coming, very large generation of workers. A report released in mid-2015 found that Millennials pose a greater threat to mobile security than any other age group. The findings indicated Millennials expect employers to handle mobile security and tend to engage in very risky behaviors, such as letting friends or associates use work phones.

With this generation just starting their careers, the problem is not going away any time soon. The secret, then, is to create a security program to which personnel will actually adhere. Part of this effort is having managed IT services that can administer and secure device-level access to corporate information. The second part involves education—reinforcement through meetings and training sessions that certain behaviors will not be tolerated. The third component is the development of policies that are sensible, clear and consistent.

Millennials in particular do not accept the advice of the older generation very well—even if the older individuals are their work superiors. They also rebel against “special treatment” situations. Following are a few tips that should help you get everyone, even Millennials, on board with your mobile device security programs and policies.

• Do not be creative or trendy—using titles like Acceptable Use Policy sends a clear message about the intent of the document.
• Keep the verbiage simple and avoid legalese. Although the policy document should not be chatty, it also should not be written above the heads of your employees.
• To eliminate grey areas, offer instructive examples of behaviors that are allowed and those that are embargoed.
• Provide instructions for workers to follow if they inadvertently violate policies. Millennials in particular like to solve their own problems. If they discover, for example, that they stored a corporate document in a personal partition, they may be able to fix that simple mistake themselves. But for issues they cannot or should not resolve themselves, give workers a resource for IT support and services.
• Most importantly, make it clear that workers will not be fired for admitting they made a mistake. If an employee loses a phone, for instance, he or she should fear reprisal only if the loss is not reported on a timely basis.

Lastly, draw a line in the sand and ensure everyone sticks to it. Intentionally subverting policies or “jailbreaking” phones (making changes prohibited by the manufacturer) to knowingly share sensitive data is tantamount to corporate espionage. Many less-innocent behaviors can still pose threats, but some firms choose to allow them.

Set your parameters and apply them consistently. If a junior sales person cannot hop onto an unsecured Wi-Fi network, for example, your CEO should not be allowed to do it, either.