Does Your Business Have A Mobile Device Policy?

It's a big convenience for employees to be able to access the company network from their own mobile devices. At the same time, letting outside devices onto the network is risky. An employee's smartphone might have malware on it, or someone might steal it and retrieve confidential data from it.

Many businesses have a BYOD (bring your own device) policy which puts conditions on mobile use. Getting people to comply is another matter. Mobile device management (MDM) software solves this problem by allowing only approved devices onto the network.

Mobile device risks

Infected mobile devices are a serious risk on a company network. The infection rate has been growing rapidly. Many people are careless about their security practices. Older devices may not be getting security updates any more. Malware on phones may try to steal confidential data or infect other devices on the network.

If devices don't use encryption, they put any company data on them at risk. A stolen phone could hold confidential data or trade secrets that get into an identity thief's hands. If the company is found negligent, it could face lawsuits or fines.

Policies aren't enough

A BYOD policy outlines what employees are allowed to do with mobile devices. It should require people to lock and encrypt their devices and to have security software on them. A review of each device before it's allowed on the network should be mandatory.

Unfortunately, it's easy to get around policies. If all that's necessary is the Wi-Fi password, some people will use whatever device they have, whether it's approved or not. It's difficult to catch them, and the damage may be done by the time anyone in IT notices.

MDM automates BYOD policy

What's needed is software that allows only approved devices and access methods and can shut misbehaving phones out. That's what MDM is about. Employees with approved devices must install an MDM client on their phones, which controls communication with the network. The software can either be installed on the business's premises or run as a cloud service. On-premises software requires more work to manage, but it allows more control.

Devices under MDM management identify themselves using public-key authentication before they're allowed to connect. They typically store company data in an area separate from personal data, and that area is protected by encryption.

Some people "jailbreak" or "root" their device in order to do things which the vendor doesn't allow. Doing this greatly increases the device's vulnerability, and MDM software will detect it and ban the device from the network.

Other benefits of MDM

In addition to keeping out unsafe devices, MDM provides several other advantages. It can:

  • Enforce password policies

  • Log device usage

  • Update software automatically

  • Wipe lost or stolen devices

However, MDM isn't set-and-forget software. Management needs to keep the inventory of authorized devices up to date, removing the devices of employees who no longer work there. Policies need to be tailored to the business's needs, striking the right balance between security and usability. Some employees either won't have qualifying devices or won't want company software on them, so it may be necessary to issue company devices to them.

Employees will typically access business servers through a Wi-Fi access point or a VPN. MDM works best when it's integrated with other network security measures. It also needs to work well with the server software which employees need to access. When the parts of the network fit smoothly together, security doesn't get in the way of doing work.

Allowing unrestricted mobile access to a business network puts it at serious risk. A BYOD policy helps, but without automatic enforcement, it doesn't stop mistakes and shortcuts. MDM is the only effective way to let employees use personal mobile devices without excessive risk.

Contact us at White Mountain IT for expert help in managing your network.

