Employees at virtually every business, regardless of size, are increasingly using smartphones for work. More mobility is usually good for business, but companies need to take control of mobile usage to manage risk and maximize productivity. Every business should have sensible mobile device policies, and most should deploy a mobile device management (MDM) solution that provides core controls over device usage and reduces the risk of data theft.
The first bridge to cross is deciding whether you’ll provide the devices yourself or adopt a Bring Your Own Device (BYOD) policy. Some businesses choose BYOD for economic reasons, but rigorous analysis suggests corporate-liable devices actually cost less.
What to include in your mobile device policy
Regardless of which path you choose, a straightforward policy is essential. You should, for example, require employees to update their operating systems promptly. If you own the devices and operate an MDM, this is easy. If you choose BYOD, you can at least create a written policy requirement stating that employees must apply OS updates as soon as they become available. This will reduce the risk of compromised devices and demonstrate that you’re making a clear effort to protect customer data.
Be clear with your staff about your intention to protect company data while also honoring their privacy. Without transparency on these points, employees may assume the worst. Set rules about what kind of work can be done on personal devices and what kind of work should be done only on company-owned devices. Also be clear on what sort of personal use can happen on corporate technology, including what sorts of media and apps are inappropriate for the workplace or a threat to mobile security.
If you’re using BYOD, be sure to assess your compliance with state and federal rules involving compensation, reimbursements and benefits for corporate usage of employee-owned devices.
Elements of a sound mobile device policy
Implementing the following requirements in your device policy will help address the greatest risks:
- Any device used to access information associated with your business must meet minimum security and management standards, as outlined in your policy.
- Security and management standards should be subject to change, managed by an MDM tool that will respond to perceived threats by restricting device access or removing company information.
- Devices should be locked when not in use, with encryption enabled.
- If a device is lost, stolen or misplaced, management must be notified immediately. Part of making this policy work is (1) making certain that information is stored off the device in the cloud wherever possible and (2) communicating that in the event of device loss, all data may be wiped. If people regularly back up content to the cloud, they will be less concerned about losing precious family photos and therefore quicker to admit when they’ve misplaced their phone.
- BYOD mobility policy should be spelled out in a document from human resources or top management making it clear that policy compliance is a condition of employment.
If it’s your first time rolling out a policy, be aware that you’ll likely update the policy as the usage matures, the devices evolve and the threat landscape changes. Assure employees you’ll reevaluate the policy as you go, especially because some people will be wary of increased device control.
How to manage your mobile policy with MDM
With your mobile policy written out and communicated, you’ll need a toolset to monitor and enforce it. MDM packages have matured over the last decade to include a wide range of controls, including management functions for your website, mobile apps and broader content (to share documents or restrict their distribution).
These common MDM controls can help you choose the right solution:
- Require a passcode: The most basic smartphone security feature, onboard encryption, doesn’t happen until each device has a passcode. Fingerprint scans and facial recognition are easy to use and reliable.
- Enforce OS updates: Security vulnerabilities are detected on a regular basis and then fixed by device manufacturers and operating system vendors. Devices running older versions of operating systems remain vulnerable to new threats.
- Restrict rooted devices: MDM can immediately report devices that have been compromised and block them from accessing sensitive information.
- Allow only approved apps: Whitelist apps for use on your phones and prohibit downloading of apps from untrusted sources.
- Force regular backups of files and configurations: Take advantage of cloud backup to store data created and collected on devices.
- Require the use of location services: All devices should be able to be located and managed at all times.
- Control usage: By using geofencing and specifying Wi-Fi networks, you can disable devices and generate administrator notifications when a device is removed from a designated area. You can also force devices to reconfigure between shifts, run a single app or go into kiosk mode during certain hours.
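As an added illustration (not code from the original article, and not the API of Knox Manage or any other MDM product), the sketch below shows how the controls listed above can be expressed as a compliance check over reported device posture. The field names, policy values and the split between "block" and "restrict" outcomes are assumptions made for the example.

```python
from dataclasses import dataclass, field
from datetime import date

# Hypothetical policy values chosen for this example.
POLICY = {
    "min_os": {"android": (14, 0), "ios": (17, 0)},
    "approved_apps": {"com.example.mail", "com.example.crm"},
    "max_backup_age_days": 7,
}

@dataclass
class Device:
    platform: str
    os_version: tuple
    passcode_set: bool
    rooted: bool
    location_enabled: bool
    last_backup: date
    apps: set = field(default_factory=set)

def evaluate(dev, today, policy=POLICY):
    """Return (action, reasons); action is 'allow', 'restrict' or 'block'."""
    block, restrict = [], []
    if dev.rooted:
        block.append("rooted or jailbroken")
    if not dev.passcode_set:
        block.append("no passcode, so on-device encryption is not active")
    minimum = policy["min_os"].get(dev.platform)
    if minimum is None:
        block.append(f"platform {dev.platform!r} is not covered by the policy")
    elif dev.os_version < minimum:
        restrict.append("OS older than required minimum")
    unapproved = sorted(dev.apps - policy["approved_apps"])
    if unapproved:
        restrict.append("unapproved apps: " + ", ".join(unapproved))
    if (today - dev.last_backup).days > policy["max_backup_age_days"]:
        restrict.append("backup is stale")
    if not dev.location_enabled:
        restrict.append("location services disabled")
    action = "block" if block else "restrict" if restrict else "allow"
    return action, block + restrict

# Constructed sample inventory (not real devices).
TODAY = date(2024, 6, 1)
FLEET = {
    "phone-a": Device("android", (14, 0), True, False, True, date(2024, 5, 30), {"com.example.mail"}),
    "phone-b": Device("ios", (16, 7), True, False, True, date(2024, 5, 1), {"com.example.crm", "com.example.game"}),
    "phone-c": Device("android", (14, 0), False, True, False, date(2024, 5, 31)),
}
```

Calling evaluate(FLEET["phone-b"], TODAY) returns the action together with every failed control, so the same result can drive both the access decision and the message shown to the employee.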
There are many MDM software packages on the market, most offered on a subscription basis. Samsung Knox Manage is a great example of a full-featured but straightforward MDM. It offers management support for all major operating systems, including iOS, Android, Windows 10 and Tizen, so wearable devices can fit into your mobile policy.
For organizations with more complex mobility requirements, Samsung’s Knox Suite combines device security, deployment and management. With one license and one sign-on, organizations can use Knox Platform for Enterprise, Knox Mobile Enrollment, Knox Manage and Knox Enterprise Firmware-Over-the-Air (E-FOTA).
Whatever tools you use, enforcing mobile policy is easier when you own the devices. It’s much easier in the long run to purchase devices that you know comply with your minimum requirements, are uniformly manageable with your policies — using your tools — and can provide a consistent user experience.
If you need to manage sensitive information and have reason to use it on the go, buy devices for your employees and use an MDM to increase work productivity while allowing for safe personal usage. Then sleep well at night.