It’s amazing what small companies can accomplish today using mobile devices. But the more we connect to our business IT networks via smartphones, tablets, and laptops, the more cybercriminals will target us. Protect your firm with a mobile device management program.
Gaze back through ancient history — which for computer equipment is about five years — and ask yourself how much of your work involved mobile devices and apps (heck, did you even really know what an “app” was five years ago?) compared with today.
If your work has been shifting significantly toward mobile, there’s probably a good business reason for it: In Verizon’s 2020 Mobile Index Survey, 80% of SMBs said using mobile devices to access business systems is key to their profitability and productivity.
Unfortunately, the additional risk created by mobile devices is also well-documented, as I’ll explain below. But first, some background about how companies can manage this risk through a tool called mobile device management.
What is Mobile Device Management?
In IT industry terminology, mobile device management (MDM) is a category of third-party tools that help organizations configure, track, and protect smartphones, tablets, and laptops that have access to their IT networks.
This allows an IT staff (or an external managed IT services provider) to monitor each connected device for cyber attacks, and also to remotely adjust settings, apps, encryption, etc., on some or all of the devices. It’s connected via apps installed on your employees’ devices, so you have control that allows you to, for example:
I’ll get into more detail about the capabilities of these tools in the section about what to look for in a mobile device manager provider.
What Mobile Device Management is NOT: Big Brother
Employees may be wary about mobile device management tools. Understandably, they don’t want their employer to have access to or control over their private use of their mobile devices.
Your team should know that mobile device management systems don’t allow the employer or third parties to see personal images or texts, or to eavesdrop on phone conversations. Tracking features are designed to help locate lost devices, not track employees’ whereabouts 24/7.
If you implement mobile device management on personal devices, explain to employees that it is used to protect the company data accessed via those devices by enforcing minimum security requirements.
And if you issue company-owned devices, explain that mobile device management allows the company to control what employees can and can’t do with those devices, but it doesn’t allow the company to conduct surveillance on the users.
Small Businesses Take a Big Hit From Cybercrime Aimed at Mobile Devices
Another result of the Verizon 2020 survey that caught my eye, as a small business owner, was:
Too many SMBs lack the in-house expertise to detect a mobile security incident quickly, and to react properly to remediate the damage. And we’re less able to afford the aftermath if our current customers leave and/or our public image takes a hit.
How big a hit?
According to a 2019 National Cyber Security Alliance survey, 28% of SMBs had suffered a data breach within the previous year, and of those, one in four declared bankruptcy and one in 10 went out of business. Of the SMBs that suffered a data breach:
Okay, we’ve established that the threat is real and the consequences flat-out stink, so let’s move on to how mobile device management can help you avoid adding to next year’s terrifying cybersecurity survey results.
Five Things to Look for in a Mobile Device Management System
If you outsource your IT to a managed IT services provider, that firm should be able to help with due diligence in choosing a mobile device management provider best suited to your operations.
A popular choice among TechGen’s clients, which range generally from 10 to 50 employees, is Cisco Meraki Systems Manager. Another common choice is Microsoft Intune, which some of our clients have included in higher-tier Windows 365 subscriptions.
Basic overview of how mobile device management works:
Here are the general capabilities a mobile device management solution should give your company:
IT GIVES YOU the ability to find and identify all mobile devices attached to your network, including their location.
IT’S IMPORTANT BECAUSE you should be able to account for all of the devices that can connect with your network. Quickly spotting unauthorized devices, or authorized devices that aren’t properly protecting your data, can help you close security gaps before you get stung.
Block rogue devices. Look for a solution that can not only spot unauthorized devices on your network, but also identify whether each one is a smartphone, tablet, PC, etc., and its manufacturer/operating system, so you can lock out repeat offenders.
Get snapshots of mobile activity. The tracking feature can produce regular reports on useful metrics, such as employees’ bandwidth and app usage rates (more about app usage in #3).
IT GIVES YOU control over the settings each connected device needs to securely connect with your network.
IT’S IMPORTANT BECAUSE you can use this access to each device’s settings to configure them remotely without asking your employees to bring the devices in, or worse, do it themselves.
Apply uniform security settings. Generally, the goal is to be consistent with all the settings that affect cybersecurity — such as the device’s ability to connect with unsecured Wi-Fi networks — while minimizing disruptions to your employees’ work.
IT GIVES YOU authority over which types of apps the managed devices can and can’t use, and the ability to remotely install specific apps your employees need for your business.
IT’S IMPORTANT BECAUSE some apps pose a serious security risk, either because they’re designed to get malware into your IT network, or they have a vulnerability that cyber thieves have learned to exploit.
“Whitelist” approved apps. You can use your mobile device management tool to create a list of apps that are allowed to be downloaded by each type of device.
No free passes for Apple App Store and Google Play Store. A report about the state of mobile security in 2020 by the cloud security company Wandera shows that it’s not safe for companies to simply allow only apps from the two major app outlets. The sheer quantity and complexity of apps have overwhelmed the ability of these stores to test apps for security vulnerabilities or even malicious code.
Beware the jail breakers. Wandera research also shows that one in five Android users have “jailbroken” their devices to allow them to install sketchy “third-party” apps from outside of the Play Store. Wandera’s recommendation: Use a mobile security solution that includes an app vetting component and the ability to automatically detect and shut down suspect apps.
IT GIVES YOU the power to require your mobile device users to use proper password hygiene. The mobile device management system can require strong passwords and/or two-factor authentication (2FA).
IT’S IMPORTANT BECAUSE many people still recycle one password for multiple personal and business accounts and/or they use easily hacked passwords. Cyber thieves exploit these habits with hacking techniques such as credential stuffing, which can easily lead hackers from personal mobile accounts into your business IT network.
Set login requirements to stop “recycling.” A mobile device management tool can not only require strong password standards, but it can also prevent people from using the same password for multiple accounts.
In a survey by Security.org, 72% of respondents said they recycle passwords (an average of four times). Even worse, 63% of these recyclers said they use the same passwords for non-important accounts like social media and for important accounts such as business.
Require 2FA for business accounts accessed via mobile devices. This means that, in addition to a password, users must enter a code that’s sent via email or text, or that’s generated by a separate device such as a key fob.
The 2020 State of Password and Authentication Security Behaviors Report by the Ponemon Institute touts the value of 2FA, but says only 35% of the users surveyed use 2FA for work.
IT GIVES YOU an extra layer of security on data that is stored and exchanged on mobile devices.
IT’S IMPORTANT BECAUSE it makes your data useless — or at least less attractive — to cybercriminals, and because it protects your company’s data when an employee’s device is lost or stolen.
Encrypt sensitive data that is sent over public networks. Only 51% of the companies surveyed for the Verizon report I mentioned earlier said they do this. People send data from mobile devices over unsecured public networks too often for that data to go unencrypted.
Make a would-be hacker’s job on a lost/stolen device MUCH more difficult. If you’ve configured all of your managed mobile devices for whole-disk encryption and PIN security codes, a lost or stolen device will be very difficult to crack. And as soon as you know the device is missing, you can wipe your company data from it if necessary.
Wipe data from the devices of people leaving the company. As soon as you’re aware that an employee or contractor should no longer have access to your company data, you can wipe that data whether the device is on site or not.
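To make the five capability areas above concrete, here is how they translate into a device compliance check. This is an added example, not code from this article or from any MDM vendor; the field names, policy values, block/quarantine decisions, and inventory records are all constructed assumptions.

```python
from dataclasses import dataclass, field

# Constructed, hypothetical policy values (not any MDM product's API).
KNOWN_SERIALS = {"SN-1001", "SN-1002", "SN-1003"}   # enrolled devices
APPROVED_APPS = {"mail", "calendar", "crm", "authenticator"}
MIN_PASSCODE_LENGTH = 6

@dataclass
class Device:
    serial: str
    encrypted: bool
    passcode_length: int
    two_factor: bool
    jailbroken: bool
    apps: set = field(default_factory=set)

def audit(d):
    """Return policy findings for one device; an empty list means compliant."""
    findings = []
    if d.serial not in KNOWN_SERIALS:
        findings.append("unknown device")
    if d.jailbroken:
        findings.append("jailbroken")
    extra = sorted(d.apps - APPROVED_APPS)
    if extra:
        findings.append("unapproved apps: " + ", ".join(extra))
    if d.passcode_length < MIN_PASSCODE_LENGTH:
        findings.append("weak passcode")
    if not d.two_factor:
        findings.append("2FA not enabled")
    if not d.encrypted:
        findings.append("storage not encrypted")
    return findings

def decide(d):  # block rogue/jailbroken devices, quarantine other failures
    findings = audit(d)
    if "unknown device" in findings or "jailbroken" in findings:
        return "block", findings
    return ("quarantine" if findings else "allow"), findings

# Constructed inventory records (sample data, not real devices).
INVENTORY = [
    Device("SN-1001", True, 8, True, False, {"mail", "crm"}),
    Device("SN-1002", False, 4, True, False, {"mail", "flashlight"}),
    Device("SN-9999", True, 6, False, False, {"mail"}),
    Device("SN-1003", True, 8, True, True, {"calendar"}),
]
for dev in INVENTORY:
    print(dev.serial, *decide(dev))
```

The findings list for each device doubles as the remediation checklist an IT provider would work through before restoring that device’s access to business data.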
Balancing Convenience With Security is Key to Mobile Device Management
In a 2019 survey by NetMotion of workers who rely on mobile devices, 20% of the respondents listed restrictive IT security policies as their most frustrating issue at work.
We cybersecurity geeks want to protect your mobile device data in every way possible. But we know it’s just as important for your employees to be able to do their jobs effectively.
Mobile device management tools allow you to adjust authentication requirements, depending on what’s working well for your company. These solutions can also help you protect business data on mobile devices without encroaching on your employees’ personal usage and data.
Your goal should be to find a balance between the convenience and privacy of your mobile device users and your company’s need for reasonable data security.