Tighten password use. In addition to securing information online, require employees to put passwords on all devices they use to access sensitive company information. This includes laptops, smartphones and iPads. Passwords help protect information that is left open, because the device locks after a certain period of time. Employers may take this a step further and require regular rotation of passwords and specify a level of complexity for the password (for example, a combination of symbols, letters and numbers).
Educate employees on policy. Create a policy that discusses the use of mobile devices, both corporately owned and personal. Educate new employees on this policy early in employment and communicate it to all employees regularly. The policy should address employee responsibility regarding sensitive information accessed on mobile devices and protocols the company will follow if sensitive information is breached. This policy may also require employees to disclose personal devices they use to access confidential corporate information.
Engage IT staff to enforce and monitor. While employees should take personal responsibility for accessing this information, employers should also equip IT with the tools necessary to monitor employee access to sensitive information. When it is suspected that information is being used or accessed inappropriately, have protocols in place to give certain IT staff the authority to restrict access until the matter is investigated thoroughly.
Use technology solutions. Technology exists to help employers guard sensitive data, regardless of the device that is used to access it. This includes systems that prohibit employees from copying and pasting material from a secure web browser into a document on a personal laptop. Other technology can remotely delete data from a device should it be lost or stolen, or if an invalid password is entered a certain number of times. Employers should also consider investing in IT development, so that the company is aware of new cyber threats and employees are trained to handle them.
Understand relevant laws. A number of states have enacted laws that require notification to individuals whose sensitive personal information has been breached. Additionally, many foreign countries have stringent rules regarding employers monitoring employees' personal devices. HR professionals should understand all relevant laws and bring their organization's policies into compliance.