Companies may have to start spelling out security policies for mobile devices since there are no written ones, or if they do exist, they are ambiguous. Employees are provided with mobile phones so they are reachable any time, any where. This means the employee may answer the phone while driving, so think of the legal implications if the employee got into an accident.
The other aspects are company confidential information or employee’s confidential information. The employee may use the phone to pay his credit card bills, text anyone without restrictions on the subject matter or language, send company specific information to anyone since there are no specific written agreements or stipulations as to what their phones should be used for. Any information sent or received has metadata that are easy to penetrate and hackers are always steps ahead, and these metadata are a great find.
While mobile device policies are necessary, it’s a whole new challenge to manage them and keep track of how employees are using them.