- Create a Mobile Device Policy and Enforce It
Don’t be afraid to spell out what employees are expected to do – and not do – with their mobile devices. It’s important to remember you aren’t only managing devices but people as well. This is where you define acceptable and unacceptable behaviors and make it clear that there will be no exceptions.
Clearly define what types of devices are allowed. While you want to support a mix of the devices employees are most likely to carry, a line has to be drawn somewhere to prevent things from becoming unmanageable. No company, especially a small one, needs to open up things to 30 mobile devices. Minimum standards for device age and capabilities should be set. Newer technology will obviously have better security features. For instance, anything before the iPhone 3G will not permit device-level encryption.
Every policy should address acceptable personal device use when it comes to webbrowsing, app downloads/usage, public Wi-Fi protocol, and data transmission/storage guidelines.
- Keep Devices Lock & Password Protected
Your employees are using devices they take with them everywhere. You have no idea where they are at any given moment of the day. More importantly, you can only hope that their mobile device is either with them or stored away safely. Devices that aren’t password protected, which are left out in the open unattended, pose a huge risk.
Keep in mind that 46% of people who use their mobile device for work admit to letting others use it from time to time. Many devices have free built-in security controls such as locked screens, the ability to remotely wipe out the device after multiple successive failed authentication attempts, and even GPS trackability.
Passwords should be strong and frequently updated. Employees should also be advised to not keep written passwords lying around.
- Immediately Disconnect Terminated Employees or Voluntary Leaves
Be sure to remotely wipe company data from the personal device of any employee who is terminated or voluntarily leavesthe company. Ideally, this data should be retrieved. This is one reason a SMBs mobile device policy must address where employees are to edit and save files. Many SMBs these days require all files to be shared, edited, and saved on Cloudbased software like Dropbox.
- Use Available Encryption Technologies
Business critical files, folders, and hard drives should be encrypted for reliable protection against unauthorized access. Encryption prevents sensitive data from being read by potential hackers as content is transferred to and from mobile devices.
- Use a Mobile Device Management (MDM) Solution
MDM solutions are a cost-effective means to ensure that any mobile device accessing their network is identified, controlled, and monitored. This method of centralized management makes it easy to configure devices for enterprise access, stipulates password policy and encryption settings, locates and remotely clears and locks any lost or stolen device, automates security updates, and proactively identifies and resolves device or app issues.
CLICK HERE for a free network assessment.