As technology has advanced, it has grown to a place where employees are able to stay connected to their work, even after clocking out for the day. Employees can use their laptops, phones, and tablets to continue working or to respond to emails. This is a great aspect for better communication and increasing productivity; however, the security of these devices can get overlooked.
A small percentage of companies supply mobile devices for their employees, but a vast majority of employees bring their own devices. The challenge many companies face is how to secure those devices to protect the sensitive information that is stored on the device or is accessible on it.
The key to ensuring security on these devices is to use a mobile device management solution. When employees need to have access to sensitive information, adding the device to the mobile device manager will require certain security policies to be enforced.
There are several solutions that can be used to enforce security settings. The most common is Microsoft Exchange ActiveSync. A few others include IBM MaaS360, Cisco Meraki Systems Manager, and VMware AirWatch. At a minimum, a mobile device management solution should enforce these settings:
Require a PIN
It is vital to prevent unauthorized access to devices that have sensitive or confidential company information on them. The simplest way to enforce unauthorized access is through a personal identification number (PIN).
PINs should be four characters at minimum, but six or more is even better. Many mobile device management solutions can prevent users from using simple passcodes (e.g., 1234, 0000). Most mobile devices can also use biometrics, which are an even stronger control than a PIN number.
Set an Automatic Timeout
Mobile devices should be set to automatically lock after a maximum of five minutes of inactivity. This will help secure devices that are left unattended.
Some mobile devices come with built-in encryption, but some do not. It is best practice to encrypt all mobile devices and storage cards so that if it is lost or stolen, the information on them will not be accessible.
Implement Remote Wipe Capabilities
Another important feature that most mobile device management solutions support is the ability to remotely wipe a device. This is an important feature in the situation where a device is lost or stolen. The feature will allow you to delete the phone's memory, which helps ensure confidential information is not disclosed. Wiping the device will also delete any personal information, such as pictures and text messages, so ensure all employees are made aware that if they misplace a device, it will be wiped.
When implementing a mobile device management solution in a bring your own device environment, inform employees of the requirements for bringing their own mobile device. This can be done in the on-boarding process and through acceptable use policies. Train employees to promptly report lost or stolen mobile devices so that they can be remotely wiped in a timely manner.
Due to the nature of people staying connected to their work even when they are out of the office, the security aspect of using mobile devices cannot be neglected. Using a mobile device management solution will help greatly to ensure that security controls are implemented and that they are enforced consistently across devices.