How to Create a Mobile Device Management Policy: 9 Best Practices


Mobile device management (MDM) policies are instrumental in preventing mobile device security threats and data breaches. Whether devices are personally or company-owned, MDM policies help employees understand mobile security risks and what they can do to mitigate them. 

Let’s discuss the importance of having a mobile device management policy and best practices for keeping mobile devices safe on a company-wide scale.

What Is a Mobile Device Management Policy?

A mobile device management policy establishes rules for how mobile devices are used and secured within your company. Without mobile usage guidelines, you leave your company open to cybersecurity threats, theft and corporate espionage attempts.

Mobile devices are some of the most vulnerable and least regulated tools used by employees. Once any tool leaves the confines of your office, the threat of security breaches puts your equipment and sensitive data at risk. 

An MDM policy applies to devices such as:

  • Laptop and notebook computers
  • All smartphones (iPhone and Android)
  • Portable media devices
  • Tablets

MDM policies must apply to all employees, including contractors, part-time and full-time staff and any other personnel who access company data on a mobile device. If you regularly employ contractors, make sure you train them on MDM policies and use non-disclosure agreements (NDAs) if necessary.

There are three main categories of mobile device usage:

  • Bring Your Own Device (BYOD)
  • Company Owned/Business Only (COBO)
  • Company Owned/Personally Enabled (COPE)

6 Common Threats of Mobile Devices in the Workplace

There are many risks associated with mobile device usage in the workplace.

1. Theft and Loss 

Mobile equipment that’s lost or stolen poses an enormous security risk. Employees working remotely in public places like coffee shops, airports or co-working spaces must take extra precautions when leaving mobile devices out in the open. 

2. Malware

Malicious software, or malware, can infect a mobile device and infiltrate any networks that communicate or connect with the device. Spyware, ransomware, computer viruses and Trojans are ongoing security threats you must continuously monitor.

3. Public WiFi 

Public WiFi poses security risks to users working on mobile devices outside of a company office environment. Hackers can easily access your data, distribute malware and steal passwords via “free” public WiFi connections.

4. Bring-Your-Own-Device (BYOD)

Bring-your-own-device (BYOD) scenarios are attractive to many employers but carry their own set of risks. Multi-use devices can open your business up to even more vulnerabilities. Company-owned devices are easier to secure since you can control application installation. If you cannot distribute company-owned mobile devices, enacting separate BYOD policies helps alleviate risks.

5. Corporate Espionage 

Competitors can attempt to seize sensitive information in various ways. Employees or third parties can also engage in corporate espionage attempts, stealing data and selling it for profit.

If you’re concerned about the theft of proprietary company information, consider having employees sign non-disclosure agreements (NDAs) in addition to protecting their mobile devices.

6. Regulatory Non-Compliance 

If mobile devices are compromised, you may violate regulatory compliance laws by exposing financial, personal or confidential information. Penalties for regulatory non-compliance can be quite steep and may endanger your business, brand and reputation.

9 Best Practices for Mobile Device Management 

Now that you’re aware of what threat factors you’re facing, here are nine best practices that you should incorporate into your MDM policy.

1. Require Passcodes

Requiring lock screen passcodes and secure passwords is an easy first step in securing mobile devices. However, many companies undervalue strong password policies, increasing their risk of hacking and data theft.

Here are a few basic password policy guidelines:

  • Implement two-factor authentication (2FA)
  • Prohibit password sharing
  • Use a password generator to enforce password complexity
  • Set minimum and maximum password age
  • Limit login time


2. Use Anti-Virus Software

Anti-virus software is an essential tool in the fight against cybercrime. Anti-virus software:

  • Scans data and drives for viruses
  • Protects removable devices from getting infected with viruses or malware
  • Keeps devices running optimally
  • Helps detect phishing emails

Make sure to equip all mobile devices with anti-virus software that runs updates regularly.

3. Enforce Updates

Keep software up to date with effective patch management. When software updates are not enforced, you’re risking the stability of your IT environment. Experienced hackers are well-versed in system vulnerabilities, and unpatched software makes it easy for them to infiltrate your network.

4. Restrict Rooted Devices 

A rooted device is an Android smartphone or tablet that has been unlocked to customize settings or install unapproved apps. Like “jailbreaking” an iPhone, rooting a device can pose security threats when pirated apps carrying malware are installed. Rooted devices should be restricted or banned for use with company data.

5. Allow Only Approved Apps

Whether you choose a BYOD, COBO or COPE strategy, you should have a list of apps approved for company use. You can configure company-owned equipment to block or disable unapproved apps to ensure compliance and bolster safety measures. Make sure your approved apps are encrypted and meet compliance standards.

6. Avoid Public WiFi and USB Ports

Public WiFi is fraught with security concerns and should be avoided for company business. Unsecured networks are common pathways for malware that can compromise devices and access company data.

Public USB ports are known delivery methods for malware and should also be prohibited. Since data can be easily stored online or in the cloud, consider forbidding USB usage altogether for maximum security.

7. Force Backup Files

Performing regular backups should go without saying, but many businesses are remiss in maintaining backup schedules. Users should store data created on mobile devices in the cloud rather than on local drives. You can employ cloud backup capability to save and restore data as needed.

8. Report Losses Immediately

Employees should report lost or stolen equipment to management immediately. IT staff can lock or erase missing equipment remotely to ensure data safety. Consider using location services to monitor the whereabouts of devices at all times.

9. Regularly Remind Employees of Best Practices

Once employees understand your MDM policy, you must reinforce that knowledge regularly for best results. You should include mobile device management policies in new employee orientation training and company manuals.

Your MDM policy isn’t a “set it and forget it” proposition. You should assume that your mobile device management policy will evolve as technology and security practices change.

Review your MDM policies regularly and remember to remind or re-train employees on updates as needed.
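
Practices 1 through 5 and 7 above can be checked automatically against device inventory data. The following Python example is added here and is not part of the original article or any MDM product's API; the record fields, thresholds and app allowlist are assumptions, and the inventory is constructed sample data.

```python
from datetime import date

# Assumed thresholds and allowlist; the article does not specify values.
POLICY = {"max_patch_age_days": 30, "max_backup_age_days": 7,
          "approved_apps": {"mail", "calendar", "vpn", "crm"}}

def stale(when, today, max_days):
    # Missing telemetry counts as stale, so a silent device fails closed.
    return when is None or (today - when).days > max_days

def check_device(dev, today, policy=POLICY):
    """Return the policy violations for one (hypothetical) inventory record."""
    found = []
    if not dev.get("passcode_set"):
        found.append("no_passcode")                         # practice 1
    if not dev.get("antivirus_running"):
        found.append("no_antivirus")                        # practice 2
    if stale(dev.get("last_patch"), today, policy["max_patch_age_days"]):
        found.append("patches_overdue")                     # practice 3
    if dev.get("rooted", True):                             # unknown state fails closed
        found.append("rooted_or_jailbroken")                # practice 4
    extra = sorted(set(dev.get("apps", [])) - policy["approved_apps"])
    if extra:
        found.append("unapproved_apps:" + ",".join(extra))  # practice 5
    if stale(dev.get("last_backup"), today, policy["max_backup_age_days"]):
        found.append("backup_overdue")                      # practice 7
    return found

def access_decision(found):
    # Rooted devices are banned from company data; other gaps can be remediated.
    if "rooted_or_jailbroken" in found:
        return "block"
    return "remediate" if found else "allow"

def audit(inventory, today):
    report = {}
    for dev in inventory:
        found = check_device(dev, today)
        report[dev["id"]] = (access_decision(found), found)
    return report

TODAY = date(2024, 6, 1)  # fixed date so the constructed sample is reproducible
INVENTORY = [  # constructed sample records
    {"id": "laptop-01", "passcode_set": True, "antivirus_running": True, "rooted": False,
     "last_patch": date(2024, 5, 20), "last_backup": date(2024, 5, 30), "apps": ["mail", "vpn"]},
    {"id": "phone-07", "passcode_set": True, "antivirus_running": True, "rooted": True,
     "last_patch": date(2024, 3, 1), "last_backup": date(2024, 5, 31), "apps": ["mail", "game-x"]},
    {"id": "tablet-03", "passcode_set": False, "antivirus_running": True, "rooted": False,
     "apps": ["calendar"]},  # never reported a patch or backup date
]
```

A device that stops reporting patch or backup dates is treated the same as one that is overdue, so gaps in telemetry cannot pass as compliance.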

How to Create a Stronger MDM Policy Today

Having an up-to-date and effective MDM policy is essential to ensure safety, compliance and data integrity. But creating a mobile device management policy isn’t easy, and it often requires advanced IT expertise to develop, deploy and maintain it.

Helixstorm can help you implement a mobile device management policy that will protect your sensitive data and keep your employees productive. In addition, we can provide continuous IT support whenever and wherever you need it. 
