Part 1: The Mobile Worker’s IT Bill of Rights
Part 1: The Mobile Worker’s IT Bill of Rights…
To you, the road warriors and the remote/ mobile workers: salespeople, rainmakers, consultants, professional services folks, and C-Suite inhabitants; the ones forever on the go; the ones who make things happen for your customers and your organizations. Wouldn’t you be far more creative and effective if you weren’t weighed down by cumbersome devices like secure laptops, backup drives, and the ever so ponderous acceptable use policy? Doesn’t the long laundry list of do’s and don’ts for when on the road add more baggage than necessary?
Know this that when it comes to information technology, you should have rights. Rights that will allow you focus on your abilities and competencies, rather than on who is peering at the contents of your corporate laptop.
You should have the right to work from a coffee shop—connecting your mobile device to the freely offered, open WiFi. You should not have to worry at all that it is the well-dressed person sipping on a latte two tables away, who is actually hosting what you thought was the café’s WiFi and is now sifting through your network traffic for the sensitive information that you’ve been rightfully told to secure at all costs. You should be giving your undivided attention to the report that you’ve got to deliver in the next hour. Sure, addresses are important in your line of work; but these should be the email addresses of your customers and clients, and not the MAC addresses and IP addresses of your Internet connection. You should have the right to not be needed to monitor those type of addresses.
You should have the right to leave the bulky equipment, which you’ve been carrying all day, locked in the car while you are at a restaurant enjoying a well deserved, perhaps celebratory, meal. You should be able to do this without having to worry about the corporate issued laptop from being stolen from your car. With multiple customer’s data files residing on that device, sensitive corporate information, and intellectual property; an event such as this, while certainly not as devastating as a corporate network breach, can still require you to wipe clean the next few day’s calendar of events while you inventory what was stolen and start notifying your customers of the loss. Sure, disk encryption might be a cause for some comfort, but do be aware that it has known to be bypassed. You should have the right to need only worry about replacing the device in the event that you fall victim to theft.
You should have the right to not be required to know of all the regulations in every geographic region of the world that you roam for the purpose of building accounts, developing partnerships, creating relationships, and servicing customers. All of these regulations revolve around the data stored on your laptop. As a supply chain specialist should you really be required to know the finer aspects of the GDPR regulation? The real question to be asked here is whether you really should be spending any substantive periods of time learning data protection and data loss detection techniques? Should you be aware of every item of personally identifiable information on your laptop? Would you even know if it is deeply embedded in the documents that were handed to you? And to top it all: would you even know that the data was breached from the laptop? You should have the right to not be a regulatory compliance expert.
You certainly should have more rights. But I’ll stop with these for the present moment.
In the next part of this series, I’ll talk about the challenges that enterprise IT faces with establishing a good cybersecurity program for mobile devices.