Time To Revisit Your Mobile Security Policy

Posted by Michael Thilker, CPA, CITP, Manager on Mar 21, 2019 2:00:00 PM

Do your employees use smartphones for their jobs? Are they processing payments, looking up information, and contacting customers online? If so, you need to up your security game and make sure that your security architecture includes your employees’ smartphones. Here are some issues you could encounter, and how to solve them:

Four cracks-in-the-pavement attitudes we have seen in public-sector mobile deployments include:

I only use my phone for email

What’s the problem? If you haven’t taken mobile security seriously because your employees only use email on their phones, this could be a big mistake on your part. Email contains vast amounts of confidential information. Employers that have deployed mobile email without security measures have likely already lost data.

What should I do? Enroll all devices with email access into a unified endpoint management service (UEM). Then in the console, set controls to prevent business email from being shared with other applications. Create an auto-quarantine policy that automatically deletes work email if the device is compromised or falls out of compliance. If the user unenrolls from the UEM service, automatically delete all work email on the device.
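The enrollment and auto-quarantine rules above can be written as an ordered decision over a device inventory. This is an added example, not code from the original post or from any UEM product; the `Device` fields, the `Action` names, and the sample inventory are assumptions made for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass
from enum import Enum


class Action(Enum):
    NONE = "none"
    BLOCK_EMAIL = "block email until enrolled"
    WIPE_WORK_EMAIL = "delete work email"


@dataclass
class Device:
    # Hypothetical inventory record; field names are assumptions, not a vendor schema.
    device_id: str
    has_work_email: bool
    enrolled: bool
    was_enrolled: bool   # enrolled at the previous check-in
    compromised: bool    # UEM agent reports the device as compromised
    compliant: bool      # device meets the organization's compliance rules


def evaluate(d: Device) -> tuple[Action, str]:
    """Apply the rules in order of severity and return (action, reason)."""
    if not d.has_work_email:
        return Action.NONE, "no work email on device"
    if not d.enrolled:
        if d.was_enrolled:
            return Action.WIPE_WORK_EMAIL, "user unenrolled from UEM"
        return Action.BLOCK_EMAIL, "email access without enrollment"
    if d.compromised:
        return Action.WIPE_WORK_EMAIL, "device compromised"
    if not d.compliant:
        return Action.WIPE_WORK_EMAIL, "device out of compliance"
    return Action.NONE, "enrolled and compliant"


def plan(inventory: list[Device]) -> dict[str, tuple[Action, str]]:
    """Map each device id to the action the policy requires."""
    return {d.device_id: evaluate(d) for d in inventory}


# Constructed sample inventory (not real devices).
INVENTORY = [
    Device("phone-01", True, True, True, False, True),
    Device("phone-02", True, True, True, True, True),
    Device("phone-03", True, True, True, False, False),
    Device("phone-04", True, False, True, False, True),
    Device("phone-05", True, False, False, False, True),
]
```

Checking unenrollment before the other conditions matters: a device that has left the UEM service no longer reports compromise or compliance state, so those fields cannot be trusted for it.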

My phone doesn’t have much on it

What’s the problem? Phones contain a large amount of local data, often as much as a laptop. However, it doesn’t seem that way because your employees cannot see their phone’s file system. All data sits in the apps on the device, and most apps (especially email) download a large amount of data to the device so users can keep working even if the network connection is poor. You could argue that a phone hosts more data than a laptop because so much app usage on a laptop is done through the browser, while smartphones use device-side apps with stored data. Therefore, you should never underestimate the storage potential of a phone.

What do I do? Be sure to deploy all apps as “managed apps.” This means Android and iOS apps are placed in a trusted digital workspace on the device and can be secured and deleted by your IT department.

But what about my privacy?

What’s the problem? Many employees don’t trust their IT departments. They are worried about the company spying on their personal data. Many times users have personal information and photos on their phones. For this reason, employees may remove UEM protections from their devices because they worry about IT invading their privacy.

What do I do? Remember, transparency drives trust. You need to communicate with your employees. Make sure employees know what actions IT can and can’t take on the device. Give employees an incentive to enroll their device in UEM by making compelling work services available only if they do so.

Lock it down—but not too much!

What’s the problem? Taking an extreme approach to security can create the same risk. High-security organizations that need to move fast on mobile tend to lock down all their mobile devices. They turn off features and restrict the employee, basically turning a smartphone into a dinosaur. Then employees get annoyed and start using unprotected personal devices with consumer apps to do their work.

What do I do? Figure out what applications users need and for what job functions. Allow employees to install personal apps on a device that keeps business apps in a protected workspace secured by UEM. Enable single sign-on for all business apps on the device. Most importantly, maintain open communication with employees to understand what apps they want so that those can be deployed as managed apps through the UEM solution.
