Six tips for mobile device management security

There has been a lot of discussion this year about the increasing influx of consumer devices being used for both professional and personal purposes. Many organisations are feeling a little overwhelmed as they try to work out appropriate security levels and device management boundaries. When you take into consideration all the platform and application updates chewing through corporate bandwidth, plus the potential for rogue applications and malware to gain illicit access to company data, there are many headaches for security managers to deal with.

Here are six tips to help get the efficient and secure management of mobile devices under control:

1. Have a strong mobile policy

This may seem like an obvious tip, but there is often a clear disconnect between employees and employers' expectations of how consumer devices will be used in the enterprise. Research from IDC found that not only were workers using their devices at twice the rate, they also tended to think employers were far more permissive of the use of consumer devices than they actually were. It is therefore very important to have a mobile use policy clearly defined to avoid these kinds of misunderstandings.

A mobile usage policy is a framework that defines who the users are and what devices, platforms and applications they can and can’t use. Enterprises must clearly define policies around reimbursement for services and what applications users can access via personal devices, along with clear guidance on who controls the data on devices.

2. Create an inventory of assets

How can you be assured of the security of employees' mobile devices if you don’t know how many are out there and what they are? Implementing a robust and regularly updated inventory management system is a vital part of any mobile device management system. While many businesses do have an inventory of fixed and wireless assets, the majority of them are not updated and validated on a regular basis, leading to the potential for security issues to slip through the cracks via unknown devices or inappropriate usage. Businesses with accurate inventories have much clearer insight into their telecommunication environments and as such, more reliable information on which to base policy decisions.

3. Ensure proper configuration of devices

The sheer number of different devices and platforms out there can make the configuration of devices a challenging process. Factor in entry level handsets, smartphones, tablets with different operating systems and employees working in numerous different locations and the issue becomes even more complex. However, if a device is enrolled with a mobile device management server, a configuration profile defined and managed by IT admin can be implemented, enabling the device to interact with enterprise systems. An appropriate level of encryption can also be added to any commands coming from the server to ensure that settings cannot be altered without proper authorisation.

4. Implement appropriate security

Despite the influx of consumer devices into the workplace, many organisations haven’t implemented stronger security controls in response, leaving them at risk of security breaches or loss of sensitive data. Data encryption is a powerful piece of the mobile security puzzle and yet many businesses do not use it on a regular basis. In addition to implementing data encryption, enterprises need to inform workers about the risks of failing to comply with security protocols – there is a good chance that they are unaware of the risks associated with using their personal devices for professional purposes.

5. Regulate application protocols

Taking into consideration that there are thousands upon thousands of mobile applications out there, strong protocols need to be instituted for the deployment of any new applications and the management of existing applications. Malware is steadily creeping into the app world, so even applications from the app store need to be checked before they are allowed into the enterprise. Such malicious applications can take over the mobile device and operate in the background without the user knowing, searching for sensitive information such as passwords or banking details.

6. Provide training and end-user support

A relatively small percentage of the overall functionality of the average mobile device is used on a regular basis. With devices becoming more and more sophisticated, users could end up massively under-utilising all the functions that are at their disposal. As a result, most enterprises would benefit from providing user training, including how to set up email, device customisation, application selection and usage, understanding browser capabilities, using instant messaging, and mobile data services and understanding device functions and shortcuts. Support and training can increase worker efficiency and also reduce security risks, as employees better understand how their devices work.

Managing employee mobility doesn’t need to be a nightmare. With the right systems put into place, employees and employers alike can reap the benefits of mobility.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Gordon Makryllos

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place