Mobile devices are everywhere. They’ve become an integral part of our lives, and they’re also transforming the way we work. Pre-pandemic data shows that 75% of employees use their personal cell phones for work-related purposes. And with remote and hybrid work increasing in popularity post-COVID, it’s safe to assume the percentage has only increased. Since these personal mobile devices now carry company data and are vulnerable to attacks from internal and external threats, it makes sense for IT administrators to think of mobile devices as another category of endpoints. Mobile devices should fit into your security management processes like the traditional endpoints of computers, printers, and other network devices. While most organizations have advanced strategies for endpoint management in place, many have not yet taken the logical step of moving mobile devices into that fold. And with 40% of CEOs agreeing that mobile devices are their biggest IT security threat, it’s time to make that transition.
In this post, we’ll share a few simple ways to improve the management and security of mobile devices by integrating mobile device management (MDM) into endpoint management.
Let’s dive in.
Importance of mobile device management
Mobile device management (MDM) is integral to any business’ IT strategy. It helps you keep track of all the devices accessing your network and allows you to remotely manage those devices.
Here are some key reasons MDM is so important:
- You can control which applications are installed on each device and when they’re updated, helping you keep viruses and malware off your network.
- You can track how employees use their devices, including how much time they spend on each app or site and what kinds of things they’re looking at. This will help you enforce security policies, such as “no personal email” or “no Facebook at work.”
- You can set up remote wiping so that if someone leaves the company or loses their phone, you’ve got control over what happens to it and what information is stored on it afterward. To effectively implement MDM, leveraging mobile device management services is highly recommended.
How to extend endpoint management to include mobile devices
To properly extend endpoint management to include mobile devices, you need to perform four administrative tasks: enroll the devices in the management system, take inventory, configure them for control, and then secure them.
Let’s take a closer look at each step in more detail.
Step 1: Develop a device enrollment plan
The first challenge IT faces in managing mobile devices is that smartphones and tablets don’t run agents. How can IT ensure that the hardware and software used to manage endpoints can locate and connect to mobile devices?
The simplest way to secure a mobile device is with an app built for the respective operating system. If your organization provides the device, you can install the app before giving it to your employees. In the case of BYOD (bring your own device), require your users to install the app from the app store or an internal portal on their first day of work.
Image by Freepik
Use remote support software like a TeamViewer alternative to allow your administrators and technicians to connect to and control devices from anywhere in the world. That way, you can quickly resolve any technical issues during the onboarding process, conduct remote maintenance of IT infrastructure, and automate these routine processes (installing and updating these apps on new devices).
The goal is to work smarter, not harder, to secure the devices within your organization.
Step 2: Take note of the current inventory
With the proper onboarding protocols in place, you should now have access to check every employee’s mobile device on the network.
Every organization should know how many mobile devices it owns, who has them, and how to quickly find the right one when it’s lost, stolen, or otherwise compromised.
Having a complete endpoint inventory shows the traditional characteristics of every mobile device, like the make, model, and operating system version. But it can also track other mobile-specific attributes such as International Mobile Equipment Identity (IMEI) and whether the device has been jailbroken.
Keeping an eye on this information is critical to help your tech administrators determine the proper platforms to support, which mobile devices are non-compliant, and whether there are any security vulnerabilities in the mix.
Step 3: Customize policies based on the user, type of device, and level of security required
To truly enforce your policies, you need to customize them based on the user’s specific needs, the device’s capabilities, and the level of security you want to achieve. You also need to be able to easily manage these policies across multiple devices from one centralized console.
Let’s say you have two different groups of users — your finance team that needs access to sensitive financial information, and your summer interns that don’t.
You can create two separate policies: one for high-security employees and one for low-security employees. The higher-security policy would allow access to proprietary information on those devices (with unique credentials), while the lower-security policy would restrict access.
Or you might have several devices in use across your company. You could create policies based on device type — for instance, having one policy for laptops, another for phones, and another for tablets — and then customize each one based on specific needs.
Differentiated application control for mobile devices is a critical component of mobile device management. It allows you to manage applications on mobile devices, including the ability to uninstall or disable them if necessary. This can be especially important if an employee loses a device (or leaves the company) and you want to ensure that no sensitive data remains on it.
It’s also important to understand what applications are used on the device and what they do. For instance, if your company doesn’t allow social media apps like Facebook or Twitter, this would be something that differentiated application control could help you enforce by not allowing unauthorized apps to be installed in the first place.
Differentiated application control also allows IT professionals to control which applications are installed and used (or not) based on organizational policies or industry regulations such as GDPR.
Step 4: Protect data no matter where users access it
When it comes to data protection, you can never be too careful. No matter how hard you try to keep your users’ devices safe and secure, data loss is always a risk.
Whether lost or stolen, compromised by malware or viruses, or intercepted by unauthorized users — there are many ways for sensitive information to fall into the wrong hands.
(Image by Freepik)
To improve security on mobile devices, ensure that your company’s confidential information stays safe no matter where employees access it from (desktop computers included). Use endpoint management software that employs multiple layers of security measures at both local and remote levels:
- Preventative: This layer prevents unauthorized or unwanted access by blocking outbound connections from any source except those authorized by the system administrator.
- Detective: This layer detects anomalies, such as unusual activity patterns within networks, that may indicate an attempt at hacking into another user’s account.
- Corrective: This layer corrects any mistakes made during previous phases so that unauthorized access can’t occur.
All of these security measures are critical to protecting company data. But what about personal data on mobile devices when a BYOB policy is in place?
For instance, some organizations allow access to corporate apps and data but prevent them from accessing information in personal apps, gallery photos, and emails on employee devices.
Your employees will be grateful for this added layer of personal privacy. You can also prevent your organization from malicious attacks by separating firmwide data from personal data. And if all else fails, you can remotely delete corporate data from a compromised device.
Wrapping up
You should be able to manage and secure these devices in the same way that you do with laptops.
BYOD is becoming increasingly popular as a way for employees to use their own smartphones and tablets for work purposes, while saving you money by reducing IT overhead.
It’s more crucial than ever that your organization can track and control these devices regardless of the physical location of your employees. They could be sitting in the office next to you or halfway across the world, and the security remains equally as strong.
The last thing you want is a data breach on your hands. With the average data breach running from $120,000 to $1.24 million, that’s enough to put a small business deep into the red. Plus, it can also tarnish your business reputation, which is challenging to rebuild.
If you’re one of the many businesses that haven’t yet deployed a mobile device and endpoint security program, now’s the time to start. As mobile devices become increasingly integrated as endpoints, they’re becoming more and more essential to the security of your organization.
Kelly Moser is the co-founder and editor at Home & Jet, a digital magazine for the modern era. She’s also the content manager at Login Lockdown, covering the latest trends in tech, business and security. Kelly is an expert in freelance writing and content marketing for SaaS, Fintech, and ecommerce startups.
Leave a Reply