Technology is ever-thriving and progressing, never more so than with mobile smartphones and tablets.
If organizations are not providing devices to their employees, most will bring their own (BYOD) and connect them via Exchange ActiveSync or Lotus Notes Traveler. They may even install unmanaged cloud services products that you’re not even aware of.
So, how do organizations keep up with it all while at the same time protecting access to the network?
Although there is no magic answer or solution, following some ‘best practices’ such as those listed below will lead you in the right direction. So, with no further ado, let’s begin:
Write a Mobile Device Usage Policy: When creating a policy for mobile devices in the workplace (sometimes known as Personal Device User Agreements), it’s important to outline what’s acceptable and what is not including, but not limited to:
- Verbiage on how hourly employees should access email after regular business hours
- Types of files and data that are allowed to be stored on mobile devices,
- Services that are allowed to be accessed (e.g. OneDrive, Dropbox, SharePoint Online, etc.),
- The rights that the company retains with regard to personal devices (e.g. the right to completely wipe a device and delete all its contents, or the right to selectively wipe only company data from the device).
Ensure that new hires and current employees receive the agreement, read it thoroughly, and sign it.
Passwords, encryption, and remote wipe (at a minimum):
- Require a PIN or password of at least four characters (some are requiring six now).
- Ensure the screen locks after 5 minutes of non-use.
- Enable full device encryption. With encryption there’s little risk of the company data being accessed if a device is lost or stolen.
Keep IT simple: When a new hire joins your organization, provide them with a single URL or instructions on how to connect their device to your systems and applications (making sure they first read and sign the company’s Mobile Device Usage Policy). Increased security usually means increased inconvenience so, it’s important to find the right balance between productivity and security. MDM solutions can help us reduce risk but, they aren’t perfect and they aren’t a substitute for end user education.
Adopt a Mobile Device Management (MDM) platform that works for your business: If your organization is considering a MDM platform or solution, it’s important to consider the following when choosing which service is right:
- Which devices are you trying to protect? Do you need to secure only handhelds like phones and tablets or, do you also want to secure laptops?
- What type of security do you want to implement? Do you only need to secure the device from being accessed if it’s lost or stolen, or do you need more advanced capabilities like geofencing?
- Is MDM, on its own, sufficient for your needs? MDM provides basic protection that will keep someone out of a lost or stolen device, but do you need to take security to the next level by pairing these capabilities with information rights management, conditional access, or multi-factor authentication to prevent data leakage of sensitive information?
Ensure backup and recovery: Employees and consumers are becoming increasingly aware that backing up data is critical but they may not necessarily be diligent about the security of those backups. You may have secured the device itself but, have you enforced policies to ensure that an iTunes backup is encrypted? Many MDM solutions can do this, or even disable the ability to backup a device altogether. It’s important to consider, organizationally, a backup and recovery service should all else fail. Services like OneDrive for Business and SharePoint Online help keep data safe regardless of what happens to the device but, making your data accessible in these services makes security enforcement, for both the device and for access to the data, even more important.
The outlined ‘best practices’ above take into consideration some of the most important aspects of mobile device management and “bring your own device” to work. However, it is a complex topic that can and must be customized to each individual business’ needs and policies. MDM is one important piece of the mobile security puzzle and a great step forward to ensure you data remains safe.
To learn more about BYOD and MDM, attend an upcoming Systems Engineering Lunch & Learn titled Personal Devices & Corporate Data: The impact of BYOD and MDM in the workplace. Attorney Elek Miller of Drummond Woodsum and Mark Benton of Systems Engineering will cover the many aspects, security risks, and solutions available to businesses today. Reserve your seat at one of our complimentary events (all events take place from 11:30 am through 1:30 pm and lunch will be provided).