Mobile device management (MDM) policy best practices

Smartphones and other devices can be a boon to productivity, but they are also a security risk. A well-crafted MDM policy helps you mitigate those risks.

September 13, 2021

Article highlights

Mobile devices are effectively ubiquitous in today’s world, with 85 percent of Americans saying they own a smartphone. And the way they’re using these devices is changing, too.

A recent survey showed that 67 percent of people are using their personal phones for work business, including calls and emails. Whether it is a personal or company-owned mobile device, this technology has become central to work for many Americans. Some 87 percent of employers require employees to do work on mobile apps for their jobs.

While there are many benefits that come with relying on mobile devices, there are also drawbacks. It creates an additional layer of complexity, with more devices to manage. And most importantly, each mobile device is an additional potential exploitation point for hackers.

With the risk of data breaches increasing, this problem isn’t getting any smaller, according to CSO Online.

“The average cost of a corporate data breach is a whopping $3.86 million, according to a 2020 report by the Ponemon Institute. That's 6.4% more than the estimated cost just three years earlier, and the nature of the pandemic is expected to bring that cost up further yet, given the extra challenges presented by the work-from-home arrangement.”

In this high risk, high reward space, employers can both protect themselves and set employees up for success by adopting a mobile device management policy. This article will take you through the benefits and challenges of an MDM policy, as well as looking at the needs of specific industries and the best practices as you consider developing your own policy.

We’ll also explore some mobile device management policy samples as you consider what other employers have done when faced with the same challenge. Since mobile devices are only going to play a bigger role in the life of your business, you need to be proactive and have a plan in place of how to manage them.

What is a mobile device management policy?

Put simply, an MDM policy is a set of guidelines that explain how employees should use mobile technology on the job, and how you will protect those devices from cybersecurity threats.

That sounds simple, but it requires covering all of your employees (including full- and part-time staff and contractors), and all of the devices that they use. An MDM policy should include:

  • Smartphones,
  • Cellphones,
  • Laptops,
  • Tablets,
  • E-readers,
  • Wearable computers such as smartwatches,
  • Gaming devices,
  • And any other mobile technology capable of storing data and connecting to a network.

Your mobile device management policy and practices must address each of these devices and dictate what employees can and cannot use them for, as well as creating a security plan that helps safeguard against the threat that each represents. 

Because as mentioned above, hackers know these devices are present in the workplace and target them to try to break into your systems.

Importance of a mobile device management policy

According to security firm Check Point, 40 percent of mobile devices are prone to hacking, but the threat doesn’t stop there. 

“Moreover, it was brought up that about 97% of companies worldwide dealt with mobile threats that utilized several attack vectors. Not to forget that at least one employee in 46% of the companies reportedly downloaded a malicious application on their phone. With the rise of COVID-19 and the expansion of the work-from-home culture, the attacks on people’s personal gadgets (used for professional reasons) have been increasing significantly.”

Devices can be hacked, stolen, or otherwise compromised, creating significant risk for users and for employers.

There are other concerns, including that employees have been found to use mobile devices for personal reasons, which can lead to lost time and distraction.

At the same time, mobile devices bring significant boosts to a workplace. For instance, a Google study showed that 75 percent of users said that smartphones made them more productive. 

Mobile devices are an undeniable part of a modern workplace, but the risks aren’t going away, which is why it’s essential to develop a mobile device management policy.

Such a policy creates clarity for your employees by setting guidelines around what devices can be used, how they can be used, and what security protocols must be followed. It clearly states what is and isn’t acceptable.

It also sets standards around cyber security measures. Attacks will come, and rather than react when they arrive, you can be proactive in protecting against them.

When considering developing an MDM policy, it’s also important to think about the needs of your industry. If your employees are on the go, a mobile device with access empowers them to reference mission-critical policies and procedures any time, anywhere.

Mobile device management policy best practices

There are key mobile device management policy best practices to consider as you develop your own policies and consider security concerns. Consider reviewing the IBM Security best practices list, as well as our recommendations.

  1. Whenever there is a hack or a data breach, require employees to report it to IT immediately. Compromised devices should be locked or erased immediately.
  2. Require passwords. All mobile devices should be password protected, and two-factor authentication is the gold standard for digital safety.
  3. Limit which apps are allowed. Some apps bring a risk of malware. Only allow approved apps.
  4. Use anti-virus software. Such software will automatically search for threats and can warn your IT team as they arise.
  5. Avoid public wifi. Unsecure connections are a prime source of breaches.
  6. Push updates and force data backups. Your IT team can automate these processes, which will make sure devices have the most updated software and that data is saved in the event a breach happens.

A good MDM policy must also take into consideration any relevant laws or guidelines that affect your industry. Healthcare, for example, has strict privacy laws around patient information that you must take into account.

You also want to outline any rules regarding bring-your-own-device (BYOD). If employees are using personal mobile devices for work purposes, that brings in additional considerations to make sure work information is effectively secured.

The policy should address responsibility. Who is tasked with making sure the demands of the policy are met? What aspects of it fall to employees, and what will be handled by your IT department?

How to implement a mobile device management policy

Now that you’ve considered best practices and are ready to develop and implement your own MDM policy, you’ll want to make plans to get the policy to your employees and train them in it. After all, a policy is only effective if your employees understand it and know how to put it into use.

A policy management software such as PowerDMS can help in this effort. Such systems allow managers to push policy updates directly to employees, including on mobile devices, and it captures and tracks employee signatures so you know who still needs to review these important updates.

Taking on this effort is a big task, as you’ll need to cover all of your employees and all of the mobile devices in your workplace, as well as assessing all security risks. By bringing department leaders and your IT department into this effort, you can make the task easier. And by involving others, you increase the buy-in.

As you’re getting ready to undertake this work, it can be helpful to review a mobile device management policy sample. Here are two sample policies: bc3.edu and wcccd.edu.

Take steps today to protect yourself going forward

Cyber threats are looming, and the odds are that you’ll face an attack of some kind, if you haven’t already. When an attack comes, it’s likely going to target some of the many mobile devices in your digital network.

But you don’t have to sit and wait for such an attack to come. By developing strong mobile device management policy and practices, you can create strong security practices and put them into use across all of the devices used by your employees. You’ll be more likely to ward off any attack that comes, and if a device is compromised, your team will know exactly how to respond to the threat.

As the world moves more and more into the mobile space, this is only going to become more important.

A policy management software like PowerDMS can be a great tool to use in this effort. Such a system allows you to easily create, store, distribute, and track your MDM policy. It also gives your employees access to job-critical policies while they’re out in the field or on the job, and you can control this access based on permission level.

Now that you understand the importance of mobile device management policies, you’ll want to check out our article, 10 essential workplace policies for your organization, to see the other essential policies for any employer.

Related Article

Footer CTA Image

Start writing more effective policies

Start writing more effective policies

Write policies and procedures that better protect your organization and employees with our free 12-page guide.

Download Free Guide