Personal smartphones provide opportunities for increased productivity, but unsecured devices could put data at a costly risk.

Imagine trying to manage a construction project without a smartphone. You would have to visit each site to create field reports, and clients trying to reach you may become frustrated that you are out of the office. Additionally, sharing information for reports would require you to go back to the office to file them from a computer. Managing and collaborating on all the moving parts of the project would quickly become labor intensive and inefficient, increasing the time and cost necessary to complete the job and decreasing client satisfaction.

Smartphones allow construction business owners to collaborate from anywhere quickly, easily and with little chance for error. Likewise, mobile apps allow for the instantaneous capture of information, sharing of documents and communication of job-related updates. This mobility frees owners from the desk or work trailer—an important ability in the construction business.

Many companies have shifted toward the bring-your-own-device (BYOD) philosophy, which allows employees to take advantage of their personal mobile devices’ flexibility at work. However, a new acronym has begun to enter the industry: BYOA, which stands for “bring your own app.” There are many mobile apps that can improve productivity and efficiency in the construction industry, thus enhancing the already flexible nature of mobile devices.

For example, some field manager apps allow construction owners and employees to send location, timecard and other information between the office and the field. Apps can even reduce paperwork associated with billing.
Tablets have also gained popularity, and these devices have their own range of apps tailored for construction management. Some construction management apps, for instance, allow users to draft and deliver subcontractor prequalification forms, manage the review process, send bid invitations, update project participants and more.

Mitigating Risks
These features boost productivity and streamline processes. However, a significant amount of sensitive corporate data is transmitted when employees use apps such as these, and a single breach of this data could be costly. Last year, the average corporate data security breech cost $5.5 million, according to privacy and information management research firm The Ponemon Institute.

However, mobile and tablet use are an unavoidable reality in the construction industry. Eric Mower + Associates found that “50 percent of contractors use a smartphone, 49 percent use a laptop with mobile web access and 21 percent use an iPad or other tablet for their jobs.”

In order to mitigate the risks associated with BYOD and BYOA, steps must be taken to secure the data on the devices. One step employers should consider is the implementation of a solution that can separate corporate and personal data on employees’ phones and tablets. Separated, the corporate data is stored in an encrypted container while personal data remains freely accessible according to the individual’s preferred settings.

Another benefit of separating personal and corporate data on phones and tablets is that IT can remotely wipe the corporate data from the device and leave the personal data intact in the case that the device is lost or otherwise compromised. It is important that IT retain this right to wipe, considering 70 million smartphones were lost in 2011 alone, and only seven percent were recovered. If an employer uses a mobile solution that does not separate the data, IT would be forced to wipe the entire device in such a case.

Employers should also assess the security of their mobile software and apps. When workers share files, they often rely on mainstream cloud services such as Google Drive and Dropbox. These services are convenient, but they may not provide an appropriate level of security for the data being stored and transmitted.

For cloud storage and data transfer to and from mobile devices, construction organizations should implement mobile policies that provide secure access and trusted apps for data sharing. The secure access should provide native access to file servers, network shares and alternative document management systems that don’t rely on risky cloud stores and don’t have firewall reconfigurations. Access should require multi-factored authentication with Active Directory credentials along with a token or another standard authentication mechanism. This is another concern alleviated by the separation of corporate from personal data. To ensure that employees use only trusted apps for data sharing, IT should block corporate data from being accessible via apps that have not been authorized by the organization.

The best way to manage and enforce enterprise controls for the access and transfer of corporate data on personal mobile devices is to approach security on a person-by-person basis. This management must be granular and lithe so that it can work with factors such as caching, printing, emailing, opening in apps, expiring and revoking. Such a policy should allow IT to grant certain rights based on what an individual needs.

BYOD and BYOA practices benefit businesses by increasing productivity. Especially in construction, mobility can streamline processes and allow for greater collaboration. The security of data being transmitted between devices is a manageable issue, but it has to be approached properly to avoid costly breaches. If businesses separate corporate and personal data, create a detailed and flexible mobility policy and ensure that employees follow the policy’s guidelines, workers can continue to maximize productivity while minimizing risks.