Mobile device policies are more critical than ever. Here’s what you need to know…

Data: Ponemon Institute / Image: ZDNet

One of the biggest vulnerabilities in endpoint security exists with mobile devices such as laptops, phones, and tablets, according to the 2016 State of the Endpoint Report published by the Ponemon Institute, an independent privacy, data protection and information security research organization. 

ZDNet summarizes the report’s findings: “…its 2016 survey report reveals some telling insights about enterprise mobile security – many of them clearly driven by the BYOD [Bring Your Own Device] trend of recent years.”

“Mobile devices are a particular headache for IT security professionals, because they present a bigger attack surface than PCs residing (relatively) safely within the corporate firewall, for several reasons: mobile devices can be lost or stolen; mobile operating systems generally have less enterprise manageability heritage than desktop OSs; and wireless communications – be they wi-fi or cellular – can be intercepted,” explains Charles McLellan for ZDNet.

While they may pose a risk, mobility solutions are more critical than ever. With mobility solutions in place, organizations can realize benefits like cost savings, improved employee morale and more efficient use of time and resources. So, what can you do to mitigate the risk? Develop BYOD or mobile device policies designed to provide mobile device security and protect your organization’s technology infrastructure and sensitive data. Here are 10 considerations:

1. The mobile device policy should apply to, but not be limited to, any portable device owned by your employee or your organization.

2. It should include any device capable of storing your organization’s information and/or connecting to your network and accompanying media.

3. The policy should apply to all employees, including full and part-time staff, contractors, freelancers, and other agents who use a mobile device to access, store, back up, or relocate any client-specific data.

4. Mobile devices containing organization information, including email and contacts, should be protected by a PIN with a timeout of at most ten minutes.

5. Connectivity of all mobile devices should be centrally managed by the organization’s IT department/manager and use authentication and strong encryption measures.

6. Although IT may not directly manage personal devices purchased by employees, end users are expected to adhere to the same mobile device security protocols when connected to your organization’s information systems and networks.

7. In order to protect the company’s infrastructure, consequences for failure to comply with protocols should be included in the policy (for example, immediate suspension of all network access privileges).

8. Prior to initial use on the organization’s network or related infrastructure, all mobile devices should be approved by your IT department/manager.

9. Devices should only access the organization’s network and data through the Internet using a secure connection, such as a Secure Sockets Layer (SSL) Virtual Private Network (VPN) connection.

10. Use of a mobile device as a wireless hotspot should be prohibited while the device is connected to the organization’s network.

Let Sinu help you develop mobile device policies so your employees can be productive wherever they may be, on whatever device they choose, while mitigating the risk to your IT infrastructure and data.