The board of ANZ has been banned from bringing iPads into meetings due to security concerns that members could inadvertently expose confidential information if security leaks occurred, prompting warnings for SMEs to adopt a similar stance.
The move comes as security firms have been pleading with SMEs for years to account for the growing number of smartphones and tablets that employees are bringing into the office yet are still unsecured.
Such unsecured devices, which are being used to house both personal and corporate data, could spark major security issues if any confidential information was ever leaked – especially while the user was operating on a private wireless network at home.
“Businesses need to be aware of the security implications and make sure they put in place appropriate procedures,” says AVG security expert Lloyd Borrett.
The warning comes as ANZ has confirmed its board members may no longer take their iPads into meetings, on order from the bank’s legal team, on fears security leaks could occur.
“Under Australian law, the annotation is a problem,” the bank’s chief information officer, Anne Weatherston, told the Australian Financial Review. “While we can secure the board paper, any annotations you make sit outside of the network and we cannot capture them or store them as a corporate-owned document.”
Weatherston also noted that annotations taken during board meetings can be considered legal documents. As a result, iPads have been banned from meetings until a fix is found.
But Borrett says that approach is “easier said than done”, especially as more executives and managers in SMEs start using tablets to take notes in lieu of paper.
AVG points to a recent Telstra survey which found that smartphone ownership has reached 46% of mobile phone owners, and that is expected to reach 60% by the end of the year. And nearly half of the respondents said they access the internet on their phones during work hours, and 13% during business meetings.
Borrett says the time for SMEs to counter this and ban all devices from the workplace is now over.
“The simple fact is that people are bringing these devices into the office, into the workplace situation, and business owners need to decide what to do with it.”
A separate survey commissioned by AVG and conducted by the Ponemon Institute also found that 55% of respondents were aware that they might be putting employers’ confidential information at risk when using their smartphone for both personal and corporate use.
Borrett says the correct approach is to simply draw up policies and enforce them. Discussion them with your information officer and ensure that employees are only accessing that data when it is appropriate.
“Banning it? They’re going to be there regardless. It’s about putting the proper procedures and policies in place.”
“Then you need to make sure they are being followed. So, for example, we’re not going to allow devices in this room, or we’re going to allow iPads but you can’t connect them to the network, and so on. Whatever policy you decide.”
Patrick Stafford is a freelance journalist and a former deputy editor of SmartCompany.
