As your business evolves from a venture with a few close friends, to a small or medium-sized business with a growing number of employees, there are many things which need to scale up. Your employees are vital to expansion, and so are their devices.
Anything electronic with a CPU can, in some form, be hacked or have its data stolen. Smartphones, tablets, laptops and desktops are all vulnerable to hacking and data theft. This can include the devices which your company purchases for employees, as well as devices which employees bring in to work.
This blog post is going to look at six reasons which will clearly tell you when your business will need mobile device management software. You, your employees, your suppliers, and your customers will all be better protected once you know it’s time to invest in this important tool. I’ll start you off by looking at what mobile device management software is so that you will know how it will help your business.
What is mobile device management software?
Without getting into the details, mobile device management is a tool which will give you one dashboard to manage any device the company owns which has the software on it, including devices your employees own and use for work. This will give you the ability to:
- Remotely wipe entire devices
- Delete and control sensitive data
- Protect internal communications
- Track devices for inventory purposes
- Know where devices are physically located
These five important points form the basis of what mobile device management software can do for your business. As you can see, these are vital security functions which can seriously save you in moments of crisis – Where did Karen put her laptop with all the client data this time?!?
Regulatory requirements for your industry
You may have started out as one person with one device, working from your home network, but the moment that changes you may be required to have mobile device management, or data protection policies, in place. Industries which are typically included in this, which may vary by country/state, include:
- Financial: One of the most regulated industries, there are regulations put in place in the USA by the Federal Financial Institution Examination handbook, as well as other industry regulators such as the Office of the Comptroller of Currency.
- Retail: There are no federal regulations for retailers, but they must follow the regulations of the PCI DSS. Security standards are set by this group for card payment processing.
- Healthcare: HIPAA establishes the online security standards for every healthcare company, insurer, and third-party providers.
- Consumer data: The disclosure of data breaches is gaining more and more attention as of late, and this is leading to more regulations. While there are no federal laws, many states in the USA are enacting laws, and the Federal Trade Commission can give penalties to companies which do not disclose of breaches quickly. This was the case with ChoicePoint when 160,000 consumer records were compromised, resulting in a $10 million fine from the FTC.
- Insurance: Regulations vary widely across countries as this is usually set at a more local level. As an example, the New York State Department of Financial Services has been working on legislation for the insurance industry since at least 2016.
- Energy: A not-for-profit known as the North American Electric Reliability Corporation sets the standards for those involved with electricity in Canada, The USA, and parts of Mexico.
- Defense: If you provide any sort of service to the U.S. Department of Defense, you must meet the online security standards of DFARS and PGI. These standards must be met before doing business with the DOD to protect this very sensitive data. In Canada this is known as the Defence Production Act, and you can be sure that every country has some sort of similar legislation.
Be sure to check the local regulations for your industry to be sure you’re in compliance. Failure to do so can result in anything from fines, to revoking of business licenses, to even having to shut down and be audited.
BYOD devices are accepted into the workplace
Growing businesses often turn to BYOD policies so that new employees feel comfortable with the devices they’re using…and maybe to cut down on costs a little! While these are two large advantages, they come with the cost of not having as much control over your data as when everything was centralized to devices the company owned and controlled.
Mobile Device Management (MDM) allows you to have all the benefits of BYOD, while absolutely minimizing the problems. With an MDM policy on BYOD you will be able to:
- Remotely delete company data from employee phones
- Track the physical location of devices
- Keep work and personal use apart with separate containers
These points allow BYOD devices to be owned by the employee while company data can still be controlled separately. Any business thinking about a BYOD policy should think about MDM before moving forward.
There’d be nothing to fear, for the person above or the company, if there was an MDM on that work phone!
Remote workers are added to the workforce
These can be either permanent remote workers, or employees working from home for a day or two. This can also include frequent third-party companies that need access to your network. Even if they are using devices owned by the company, they still pose the same security risks (the device is lost/stolen) as BYOD.
The video above talks about all of the benefits for employees and employers, but does little to explain what a company actually has to do. If you want to do this intelligently, you need a tool like Sky Work to manage it all for you. There could be employees that you will never physically meet, but you can still manage their data, and remove your data from their machines easily.
To control apps on company devices
Quality MDM software will allow you to restrict which apps are installed on company owned devices. Many apps have security issues which can result in loss of data, while the worst have malware built into them. Here’s a scenario:
- Your employee sees an ad in an email for an app they like.
- They click on the ad and are sent to a website instead of an official Google/Apple store.
- Your employee believes they are on an official site, and they download an app onto a company device.
- This app is infected with malware, and the employee is completely unaware of this.
- No one discovers there’s a problem until after a data breach occurs.
This nightmare scenario can happen easier than you think, especially if an attacker carries out a spear-phishing attack against a specific employee. Have you never heard of spear-phishing? It accounts for 91% of online attacks! An MDM can protect you by restricting app downloads to specific apps only, or specific trusted sources only.
Company control of major updates to systems
Having updates done for security reasons can fly over the head of the average employee. They simply don’t think it’s important, and can close down that reminder window for days before they’re annoyed enough to get it done.
If your employees don’t want to listen to their laptop, an MDM should give you the ability to force updates so that these vulnerabilities don’t impact you. As you can gather from this list so far, the issue is with human error over actual issues with machines. If the security fix is there, don’t wait for people to comply when there’s the option to just get it done right away.
You have any consumer or customer data on devices—at all
The disclosure of data breaches is gaining more and more attention as of late, and this is leading to more regulations. While there are no federal laws, many states in the USA are enacting laws of their own, and the Federal Trade Commission can give penalties to companies which do not disclose of breaches quickly. This was the case with ChoicePoint when 160,000 consumer records were compromised, resulting in a $10 million fine from the FTC. Uber was hit with a huge fine, $148 million USD, for a data breach they didn’t disclose properly when they should have known better and not let the breach happen in the first place.
If your company handles any sort of customer data, from something as simple as addresses to as sensitive as credit card data, every step must be taken to protect it. Consumers are trusting you with their data, and if you break their trust a fine from the FTC may be the least of your worries as consumer trust can rapidly diminish. You don’t want your company to send out the letter above. You don’t want your customers talking that way about you online.
Reduction of costs through reusing licenses
When you purchase a license for software and give that to an employee on their BYOD device, that often means that this license is only going to be used on that machine or for that user. This is certainly true when employees purchase apps they need on their own for later reimbursement.
An MDM will allow you to not only delete the software from the employee’s device (whether it’s BYOD or not), but also allow you to revoke the license. This license can then be used for another employee, or even their direct replacement.
Another issue with licenses can include:
- Four people share an Apple ID with the same password.
- One person leaves the team under adverse conditions.
- This disgruntled employee can lock up apps associated with the Apple ID, or even delete data.
An MDM prevents this from happening by allowing you to instantly revoke their access easily during the meeting where they’re being informed that they’re being let go.
Your business needs to invest in mobile device management
If your business checked off a single one of the above points as a ‘yes’, then it is time for you to start considering your mobile device strategy and how an MDM will help you protect your business, your customer, your employees, and your suppliers.
Sky Work is just such a tool. Learn more about how it works to see how it will impact your specific business with easy-to-use security policies that protect everyone involved with your business – even Karen when she loses her laptop with all the customer data again.