Mobile devices are not only incredibly convenient for business, they’re also a liability. Many organizations have no idea where their sensitive data is going, especially when you throw personal devices into the mix. What apps are on employees’ personal devices? Are personnel inadvertently downloading spyware?
Even benign apps can introduce security vulnerabilities. Data can be breached simply when employees use email on their phones, particularly if they’re using it on a public wifi network.
In today’s cybersecurity landscape, it’s imperative to be able to manage all of the devices that have access to your network environment. Mobile device management (MDM) allows you to manage all of your devices (and your employees’ devices), no matter what their type or operating system.
An MDM solution gives you greater control over each device’s data access, and lets you monitor the activities of your mobile devices. If there’s a breach or a device is lost, you can remotely disable access and wipe data from the device.
Mobile device management isn’t something you can just sit down and figure out during lunch. You’ll need to consider several things and run through a strategic rollout. Follow these best practices for implementing a successful MDM program at your organization.
Do Your Research
Start with researching the right tool and package for your company. Will you host it on your own servers or in the cloud? What features and functions do you need? How will you deploy it?
Before you walk into it, gain a good understanding of what your cybersecurity landscape looks like. What do you need to protect? It’s more than just listing laptops and mobile phones. For example, what types of laptops do you need to support? PCs? Macs? Linux? What phones will be included? Are any devices too old to support your mobile device management tool?
Also consider policy-related questions. For example:
- Do devices need password protection?
- Should cameras be disabled by default?
- Is secure wifi connectivity a requirement?
- What customization options will the device provide?
- Do certain devices need to be geo-fenced?
What About MDM on Personal Devices?
If you’re like most companies, you allow your employees to do work from their personal devices. That raises privacy questions and other concerns. If you’re installing the software to protect corporate data on someone’s personal phone, how do you ensure that any activity happening through the MDM isn’t negatively impacting the device?
Consider that there’s a variety of reporting that could come back through mobile device management. Is it in the purview of your organization to be able to report on things happening on your employees’ personal devices that have nothing to do with work? How will you handle or segregate that information? Will remote wiping of work data on the personal device in any way impact personal data on the device?
Some personnel may not want to have anything work-related on their personal devices. If that’s the case, you might choose to issue company devices to those employees, with MDM installed.
Of course, the privacy issue is a moot point if you provide company devices for everyone. You can set policies about how employees are allowed to use those devices, and you don’t have any monitoring or reporting concerns regarding personal use. Install whatever you want on those devices. The downside, of course, is that it may be cost prohibitive for your organization.
Use a Test Group Before MDM Rollout
Once you’ve made your policy decisions and vetted your mobile device management solution, start your rollout. There will be challenges, and probably more than you anticipate. Ease your way into this arena. Take your time, and implement slowly in stages.
Start by rolling out to a small test group. Include devices from across various roles in the organization. Select a variety of types of devices as well. Don’t limit your test group to your IT staff, because non-technical personnel will have different experiences and will use their devices differently. You’d rather know up front how things are likely to go, before your major rollout.
Install the MDM solution on those devices, then take them through the wringer. Go through all of the hoops and hurdles, the issues and resolutions. Verify that you’ve addressed, tested, and validated everything sufficiently, then roll out your MDM implementation to the rest of your organization.
Configure Your MDM Carefully
Many MDMs have an astronomical number of settings that you can tinker with. The complexity can be overwhelming. Start off with a baseline configuration that will let you accomplish your basic goals. Roll that out, then gradually make tweaks as you go.
When you make tweaks, make them to your original test group first, then roll out to the whole company.
Don’t Wipe Personal Data
If a device is lost, stolen, or hacked, you’ll need to be able to wipe the data. You’ll also wipe data when an employee leaves the company. When it comes to personal devices, be sure that you only wipe the data related to your organization. You don’t want to delete personal contact lists, important personal files, or treasured photos.
Before rollout, test a representative set of devices to ensure that remotely wiping corporate data won’t also remove personal data.
Communicate Clearly
Assuming you’re implementing MDM on personal devices, be sure to communicate clearly and openly about why and how mobile device management is being implemented. Define the boundary lines and provide assurance that their personal information will be safe and untouched. Explain what kind of information and data will be collected and reported on.
Also be available to answer questions. The more transparent you are with folks who are concerned, the more successful your mobile device management program will be.
Maintain Your MDM Solution
Don’t assume that you can set it and forget it with your MDM implementation. Maintain ongoing oversight of the platform. Look at the reporting, monitor the state of patch updates, and ensure that the system continues to operate as expected.
One of the most important elements is to make sure that MDM software updates are actually rolling out to everyone. You may have some people who aren’t currently attached to your VPN, or they’re on vacation in an area with no cell coverage. Be sure their devices get the updates when they reconnect to the network.
Also, keep in mind that devices will get updated to new major operating system versions. Test with your test group first, so that major issues are caught before they surface as users upgrade their operating systems.
Protection You Can Count On
Mobile device management is a must-have for businesses that use mobile devices to do work. Without an MDM implementation, you have no idea who has access to your data once your employees leave the building. And for remote work environments, that’s a 24/7 issue.
TCT supports many facets of security / compliance impacts for our clients. We can help you tame the chaos of compliance management, whether you have a few specific questions or need end-to-end help.