As your business evolves from a venture with a few close friends, to a small or medium-sized business with a growing number of employees, there are many things which need to scale up. Your employees are vital to expansion, and so are their devices.
Anything electronic with a CPU can, in some form, be hacked or have its data stolen. Smartphones, tablets, laptops, and desktops are all vulnerable to hacking and data theft. This can include the devices which your company purchases for employees, as well as devices employees bring in to work themselves.
This post looks at seven reasons which will tell you when your business needs mobile device management software. You, your employees, your suppliers, and your customers will all be better protected after investing in this important tool. I’ll start you off by looking at what mobile device management software is so you know how it helps your business.
What mobile device management software is
Without getting into the nitty-gritty details, mobile device management (MDM) is a tool which gives you one dashboard to manage any device the company owns which has the MDM software on it, including devices your employees own and use for work. Mobile device management lets you:
- Remotely wipe entire devices
- Delete and control sensitive data
- Encrypt internal communications
- Track devices for inventory purposes
- Know where devices are physically located
These five features form the basis of what mobile device management software can do for your business. These are vital security functions which can seriously save you in moments of crisis like – Where did Karen leave her laptop with all the client data this time?!?
As you read through the points below, if you check yes on one or more, or the first point alone, it’s time to use a mobile device management tool like Sky Work. We built it from the ground up to deal with these exact issues, and know that you can use it successfully.
1. Regulatory requirements for your industry
You may have started out as one person, with one device, working from your home network company, but the moment that changes you may be required to have mobile device management, or data protection policies, in place. Industries which are typically included in this, which may vary by country/state, include:
- Financial: One of the most regulated industries, with control in the USA given to the Federal Financial Institution Examination handbook. The handbook looks primarily at internal data integrity, and outlines several laws and regulations which must be followed. There is also the Office of the Comptroller of Currency, which primarily looks at data integrity standards when working with third-party providers.
- Retail: There are no federal regulations for retailers, but they must follow the regulations of the PCI DSS which set security standards for credit card payment processing. There is also the matter of protecting consumer data, which is covered in depth in point six below.
- Healthcare: HIPAA establishes the online security standards for every healthcare company, insurer, and third-party provider. You can find the direct Privacy rule in 45 CFR Part 160 and in Subparts A and E of Part 164. You can also look at a combined PDF of all the relevant regulations here. It’s 115 pages, and this is the simplified version. Data and device management are vital to all areas of the health care industry. The regulations set out strict rules for handling data and if you want to stay compliant with HIPAA (US) and similar rules in other countries—the only option is device management.
- Insurance: Regulations vary widely across countries as this is usually set at a local level. As an example, the New York State Department of Financial Services has been working on legislation for the insurance industry since at least 2016. The insurance industry should, in my opinion, be held to as stringent of standards as the financial industry. You need to be prepared now for the laws to move that way, don’t react when these laws come later and you have to play catch up.
- Energy: A not-for-profit known as the North American Electric Reliability Corporation sets the standards for those involved with electricity in Canada, The USA, and parts of Mexico. To quote their Rules of Procedure: “Each bulk power system owner, operator, and user shall comply with all NERC Rules of Procedure that are applicable to such entities by approval pursuant to applicable legislation or regulation or pursuant to agreement.“
- Defense: If you provide any sort of service to the U.S. Department of Defense, you must meet the online security standards of DFARS and PGI. These standards must be met before doing business with the DOD to protect this very sensitive data, so prepare your data protection plans right from the moment you think about pursuing a defense contract. In Canada this is known as the Defence Production Act, and you can be sure every country has some sort of similar legislation.
Be sure to check the local regulations for your industry to be sure you’re in compliance. Failure to do so can result in anything from fines, to revoking of business licenses, to even having to shut down and be audited. This is the one out of seven points that mean you must get a handle on your data, and the devices which contain it, with a mobile device management tool. You don’t need to read further, it’s time to start managing your data now.
2. Your employees are using their own devices at work
Growing businesses often allow employees to bring in their own devices (aka BYOD), which allows new employees to feel comfortable with the devices they’re using…and maybe to cut down on costs a little! While these are two large advantages, they come with the cost of not having as much control over your data as when everything was centralized to devices the company owned and controlled.
Mobile Device Management (MDM) allows you to have all the benefits of BYOD, while minimizing potential problems. With an MDM policy on BYOD you will be able to:
- Remotely delete company data from employee phones
- Track the physical location of devices
- Keep work and personal use apart with separate containers
These features allow employees to use the devices they love and protect company at the same time. Any business thinking about a BYOD policy should think about MDM before moving forward.
I fear that I have lost my work phone.
— another day, another doug (@loxyisme) June 30, 2019
There’d be nothing to fear, for the person above or the company they work for, if there was an MDM on that work phone!
3. You’ve added remote workers to the team
These can be either permanent remote workers, employees working from home for a day or two, or outside vendors needing access to your network. Even if they are using devices owned by your company, they still pose the same security risks (the device is lost/stolen) as BYOD. Remote work is going to expand, and you can be prepared for it…to the delight of your employees!
The video above talks about all of the benefits for employees and employers, but does little to explain what a company actually has to do. If you want to do this intelligently, you need a tool like Sky Work to manage it all for you. There could be employees you will never physically meet, but you can still manage their data, and remove your data from their machines easily when they move on.
4. Control app downloads on your company’s devices
MDM software allows you to restrict which apps are installed on company owned devices. Many common apps pose security risks to many business, not to mention employees accidentally installing apps with have malware built into them. Here’s a scenario:
- Your employee sees an ad in an email for an app they like.
- They click on the ad and are sent to a website instead of an official Google/Apple store.
- Your employee believes they are on an official site, and they download an app onto a company device.
- This app is infected with malware, and the employee is completely unaware of this.
- No one discovers there’s a problem until after a data breach occurs.
This nightmare scenario can happen easier than you think. One employee making a simple mistake can lead to a cascade of data loss, injuring your entire company. You can prevent this from happening by not allowing them to download apps onto their phone in the first place, or by creating separate work/personal containers which keep personal infected apps away from work data.
5. Control of major updates to your systems
Having updates done for security reasons can fly over the head of the average employee. They simply don’t think it’s important, and can close down that reminder window for days before they’re annoyed enough to get it done.
Every single week my laptop: there is a new windows update!
Me: no i dont want to
— bi-derman saw ffh (@IR0NSPIDEY) November 25, 2017
If your employees don’t want to listen to their laptop, an MDM gives you the ability to force updates so patched vulnerabilities don’t impact you. As you can gather from this list so far, the issue is with human error over actual issues with machines. If the security fix is there, don’t wait for people to comply when there’s the option to get it done right away.
6. You have any consumer or customer data on devices—at all.
The disclosure of data breaches is gaining more and more attention as of late, and this is leading to more regulations. While there are no federal laws, many states in the USA are enacting laws of their own, and the Federal Trade Commission can give penalties to companies which do not disclose of breaches quickly. This was the case with ChoicePoint when 160,000 consumer records were compromised, resulting in a $10 million fine from the FTC. Uber was hit with a huge fine, $148 million USD, for a data breach they didn’t disclose properly when they should have known better and not let the breach happen in the first place.
@Uber Data Breach and Cover Up.
Can’t trust this company’s security posture or to handle the discovery responsibly and ethically.
Don’t millennial #startups know they need a CIPP/US Data Privacy Professional to advise them how to protect the PII introduced onto their servers? pic.twitter.com/iZVRmFab0Q
— Christina Haftman (@Cr8DigitalAsset) November 28, 2017
If your company handles any sort of customer data, from something as simple as addresses to as sensitive as credit card data, every step must be taken to protect it. Consumers are trusting you with their data, and if you break their trust a fine from the FTC may be the least of your worries as consumer trust can rapidly diminish. You don’t want your company to send out the letter above. You don’t want your customers talking that way about you online.
7. Reduce costs through reusing licenses
When you purchase a license for software for an employee on their BYOD device, it often means that this license is only going to be used on their machine or for that user. This is certainly true when employees purchase apps they need on their own for later reimbursement.
An MDM allows you to not only delete the software from the employee’s device (whether it’s BYOD or not), but will also allow you to revoke the license. This license can then be used for another employee, or even their direct replacement.
Another issue with licenses can include:
- Four people share an Apple ID.
- One person leaves the team under adverse conditions.
- This disgruntled employee can lock up apps associated with the Apple ID, or even delete data.
No one wants to think about this, but a wide variety of ex-employee sabotage via digital means can and do happen. An MDM prevents this from happening by allowing you to instantly revoke their access easily during the meeting where they’re being informed of the fact you’re letting them go.
Your business needs to invest in mobile device management
If your business checked off a single one of the above points as a ‘yes’, then it is time for you to start considering your mobile device strategy and how an MDM will help you protect your business, your customers, your employees, and your suppliers. Even better, you may save yourself from the embarrassment HMV suffered after this incident below where they didn’t have control over devices or their official Twitter account:
Sky Work is exactly such a tool. Learn more about how it works to see how it will impact your specific business with easy-to-use security policies, and protect everyone involved with your business – even Karen when she loses her laptop with all the customer data again. Come on, Karen!!