Mobile Access Misconceptions (2): Personal Data

In the previous article, we shared information about the benefits of mobile access control, i.e. using your smartphone to open doors and compared this to traditional access control methods. We also detailed the steps an individual and organization can take to restore their access when a smartphone is lost or stolen.

In this edition, we'll focus on discussing how access control suppliers securely deliver mobile access applications to smartphones. Allowing secure access to company facilities while maintaining the privacy of the owner’s personal information.

Before we begin, let’s summarize some of the key points from the last article.

• Smartphones have become the preferred choice for secure access control substituting for traditional brass keys and RFID credentials to provide employees with access to company buildings.
• Mobile access offers significant benefits over traditional access tools because it’s easy to adjust and it will typically cost less to manage.
• Mobile access gives employees permission to enter physical and digital places by using their smartphone as an approved credential. The mobile phone uses Near Field Communications (NFC) or Bluetooth® of Low Energy Consumption (BLE) capabilities to authenticate permission for the owner to use the access control system.
• When an employee’s smartphone is lost or stolen, the affected employee can contact the company’s system administrator to immediately revoke the employee’s access control credential protecting unauthorized access to company properties.
• It’s recommended companies install two-step authentication to ensure all smartphones with mobile access cannot be used by unauthorized people. For example, requiring a Personal identification number (PIN) be used before the mobile access application is available.

Is Personal Information at Risk When Using Mobile Access?

Previously we talked about what you need to do if your smartphone is lost or stolen. Now let’s discuss how companies like HID Global provide a secure mobile access application for your phone.

Companies concerned about the vulnerability of their mobile access system may be concerned about mobile credentials being used in the event a smartphone is lost or stolen. An important mitigation for this risk is to use an enterprise-wide policy that requires users to unlock their device and open the app before the credential can be used. For most devices this means the user will need to use a PIN or biometric to open the phone, thereby much reducing the chance that an unauthorized person is using the device.

This type of access control enforcement feature can, and should, be used for Bring Your Own Device (BYOD) employees if there’s a higher degree of security is required. It works hand-in-hand with corporate policies to provide a consistent experience and to manage risk. Employees bringing their own phones into the workplace must embrace the same rules of protection.

Companies requiring the enterprise enforcement feature ensure the mobile access system for the company is better protected by greatly limiting the unauthorized use of employee’s phones.

We understand there may be reluctance by an employee to install a corporate app on their phone. This can be because they fear that the company will be monitoring them, and they wish to protect their privacy. For example, some employees may ask why “location services” need to be enabled on the mobile app. They must understand that this is to allow easy acquisition of the Bluetooth signal so that the best phone performance can be achieved.

We should note that, as many of you may know, Apple offers a unique feature for its iPhone customers. If an individual owns an iPhone, there is a feature that allows owners to use their device to locate their phone if it is lost or stolen.

One component of this feature is the ability to remotely wipe app data, which when activated will delete the mobile access credential. This works even if the phone is off, or appears to be dead.

At all times, world-class access control suppliers are doing their very best to protect your company’s access control system and your personal information.

Credible suppliers providing mobile access apps are very sensitive to protecting all personal information that is stored in their platform. Make sure your chosen supplier has a publicly available Privacy Policy. These types of policy detail what limited information is collected and why, and how it is protected and/or anonymized.

Look for compliance with regional security policies and legislation. For example, in Europe, the General Data Protection Regulation (GDPR) is a very powerful and important piece of legislation that covers the right to individual privacy for all citizens.

Mobile access companies must commit to being focused and transparent about the information that is collected on behalf of the individual. They proactively let their customers know what data they collect and what data they do not collect.

These companies can be trusted resources for companies to partner with in developing a mobile access control policy and mitigating mobile access issues when they happen.

What are the Benefits of a Mobile Access Partnership?

Ultimately, the individual phone owner has a responsibility to protect both company access and personal information on the smartphone. Once a smartphone is lost or stolen, the individual owner is accountable for notifying the company’s system administrator that the phone is missing. This is true for brass keys and traditional access control cards, fobs, or tokens.

The administrator, using the tools in their systems will prevent unauthorized access to the company buildings and systems while protecting personal and company data.

Mobile access providers must also share the load; ensuring the mobile access platform enables workflows and policies to support the customer and all of their mobile access users.

You can rely on global access control suppliers to be at your side to protect company access and your employee’s personal data. They are your partners to help you resolve any access control system challenges. This relationship of a collaborative strategy works for everyone.

Are you ready to learn more about HID Mobile Access?

Related articles: Mobile Access Misconceptions (1):  Stolen Phone

Mobile Access Misconceptions (3): Reduced Performance

Luc Merredew has over twenty years of experience working for OEMs in the fire and security space, and in his current role for HID Global, Director of PACS Product Marketing he covers LATAM, USA and Canada. Luc is based in Huntington Beach, CA and has been with Austin, Texas headquartered HID Global for five years.