In 2024, you’re going to have employees that use their phones to do business. It’s just the nature of the modern beast.

But with every piece of internet-connected technology that exists outside your company’s secure IT systems, your company is exposed to cyberthreats that…well, threaten your business with outages, hacks, breaches, and any and all sorts of IT-related terror.

So how do you deal with the increasing number of employees using mobile devices to do company-sensitive work? Let’s find out.

Securing Company-Owned Mobile Devices

The first thing you have to do to protect your business is secure all mobile devices you deploy to your team. You do this by setting limits on mobile devices in a way that meshes with your company’s needs.

Here are some of the main methodologies you should know when it comes to keeping your mobile IT infrastructure together.

1. Mobile Device Management (MDM) and Mobile Application Management (MAM)

As we’ve covered in our recent article on MDM, keeping your company’s mobile devices safe starts with a robust MDM plan. Your MDM plan is your overarching strategy for making sure that your employees’ mobile devices are kept safe, on-premise and off-premise.

Key features of MDM include:

  • PIN code and device encryption
  • Certificate-based authentication
  • Configuration of email and Wi-Fi settings
  • App blacklisting and whitelisting
  • Single sign-on and automated updates
  • DLP configurations and jailbreak/root detection

A steady, solid MDM strategy allows IT administrators to remotely enroll, track, manage, and secure mobile devices based on the employee’s profile and tasks. MDM is like an ever-present watchdog that makes sure that nobody is where they’re not supposed to be.
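The kind of posture check an MDM applies to enrolled devices, as an added example (not code from any MDM product): it evaluates constructed device records against a baseline built from the features listed above, with a stricter app allowlist for one employee profile. The field names, app IDs, profile names, and minimum versions are assumptions made for illustration.

```python
# Added illustration: all field names, app IDs and versions are constructed.
BASELINE = {
    "min_pin_length": 6,
    "min_os": {"android": (13, 0), "ios": (17, 0)},
    "blocked_apps": {"com.example.sideloader"},
}
# Stricter profiles may only run apps from an allowlist.
PROFILE_ALLOWLIST = {"finance": {"com.example.mail", "com.example.erp"}}

def parse_version(text):
    """'13.1' -> (13, 1). Compare tuples: as strings, '9.0' sorts above '13.0'."""
    return tuple(int(part) for part in text.split("."))

def evaluate(device):
    """Return a sorted list of policy violations; empty means compliant."""
    findings = []
    if device.get("rooted_or_jailbroken", True):  # missing signal fails closed
        findings.append("root/jailbreak detected or not reported")
    if not device.get("storage_encrypted", False):
        findings.append("device encryption disabled")
    if device.get("pin_length", 0) < BASELINE["min_pin_length"]:
        findings.append("PIN missing or too short")
    minimum = BASELINE["min_os"].get(device.get("platform"))
    if minimum is None or parse_version(device.get("os_version", "0")) < minimum:
        findings.append("OS unsupported or below minimum version")
    apps = set(device.get("installed_apps", []))
    for app in apps & BASELINE["blocked_apps"]:
        findings.append(f"blocked app installed: {app}")
    allowed = PROFILE_ALLOWLIST.get(device.get("profile"))
    if allowed is not None:
        for app in apps - allowed:
            findings.append(f"app not on {device['profile']} allowlist: {app}")
    return sorted(set(findings))

# Constructed sample inventory.
DEVICES = [
    {"id": "A1", "platform": "android", "os_version": "14.0", "pin_length": 6,
     "storage_encrypted": True, "rooted_or_jailbroken": False,
     "profile": "finance", "installed_apps": ["com.example.mail"]},
    {"id": "B2", "platform": "android", "os_version": "9.0", "pin_length": 4,
     "storage_encrypted": True, "rooted_or_jailbroken": False,
     "profile": "sales", "installed_apps": ["com.example.sideloader"]},
    {"id": "C3", "platform": "ios", "os_version": "17.2", "pin_length": 6,
     "storage_encrypted": True, "profile": "finance",
     "installed_apps": ["com.example.mail", "com.example.game"]},
]

def report(devices=DEVICES):
    return {d["id"]: evaluate(d) for d in devices}
```

Device C3 omits the root/jailbreak signal entirely and is flagged for it: a posture check should treat a missing report as a failure, not as a pass.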

MAM is a subset of MDM – but instead of general device management, MAM focuses purely on the delivery and administration of enterprise software to the employee’s device. MAM is a tool that allows IT to wipe company-owned apps and data remotely without affecting personal items.

2. Mobile Content Management (MCM)

MCM is all about securing your content, such as shared documents or video or photo files. MCM uses encrypted, managed containers to protect your data from being accessed from mobile platforms.

MCM further ensures that business or enterprise content is kept separate from personal content and, like MAM, it allows IT to delete content from devices at will.

3. Mobile Identity Management (MIM)

MIM is all about making sure that users are who they say they are, offering an additional layer of security between users’ devices to ensure that only trusted devices and users can access enterprise data or applications.

MIM uses common tools that you probably use in your personal life, such as two-factor authentication (2FA), behavioral alerts, and single sign-on (SSO) to manage access across devices and applications.

4. Mobile Threat Defense (MTD)

MTD is a 24/7 protection system that provides real-time information about a device’s risk level by constantly monitoring, identifying, and classifying threats appearing on your network of company-owned mobile devices.

If at any point, there’s a red flag that raises the risk level of a certain device, MDM systems then report risks back to your IT department to deal with the issue right away, or, if your MDM system is set up correctly, it can neutralize the threat before any real issues arise.

5. Unified Endpoint Management (UEM)

UEM is the latest evolution of MDM. UEM allows for a centralized, unified system that ensures that the entirety of a company’s IT is safe, secure, and effective, all day, every day. UEM includes not only mobile devices, but all endpoints within an organization, including PCs, laptops, smartphones, tablets, and IoT devices. UEM offers provisioning, detection, deployment, troubleshooting, and updating abilities through a centralized management console.

6. Microsoft Intune and MDM for Office 365

For Office 365 users, Microsoft has an integrated solution to manage all mobile devices that use Windows OS or Microsoft 365 apps like Outlook or Excel. Microsoft Intune is a standalone, subscription-based MDM platform that offers mobile application management (MAM) and integrates effectively with Office 365.

Microsoft wisely made sure that MDM for Office 365 is a built-in feature – one that is already included in each Office 365 plan, offering lightweight MDM without MAM.

General Tips For Keeping Company-Owned Mobile Devices Safe And Secure

1. Personal Devices vs. Company Devices

The use of personal devices for work (BYOD) is on the rise, as literally any business owner will tell you. While BYOD is cost-effective, it opens you up to bigger security risks. That said, company devices using MDM are often more secure than personal devices, so we highly recommend that.

When it comes to issuing company devices, businesses can issue COPE (corporate-owned, personally enabled) or COBO (corporate-owned, business-only) devices that use enterprise MDM for enhanced security.

2. Implement Strong Password Policies

When it comes to company-owned devices, you can mandate that your employees use complex passwords and update them regularly. A strong, unique password of at least 8 characters that combines lowercase, uppercase, symbols, and numbers can be all you need to keep your devices safe.

Consider using password managers to generate and store strong, unique passwords. Services like LastPass can generate secure passwords, as well as give you options for storing and keeping those passwords internally.

3. Keep Software Up-to-Date

Apps and operating systems that are overdue for updates leave vulnerabilities open, which gives hackers time to explore and exploit them.

Always make sure all of the devices in your ecosystem run the latest software versions to protect against vulnerabilities. Turn on automatic software updates wherever possible. Even though it may be inconvenient sometimes, it makes a huge difference in terms of security.

4. Use Application Security (AppSec)

As mandated by your company’s MAM, you should always apply security protocols in applications (also known as AppSec) to prevent hacking and information theft.

In many cases, AppSec includes both software and hardware components for maximum security.

5. Enable Remote Wipe and Lock Features

With the rise of BYOD mobile devices, physical theft of company-owned devices has become more and more commonplace. With that in mind, get your IT team to set remote wipe and lock capabilities for all of your devices, so you can protect data in case of loss or theft.

6. Avoid Public Wi-Fi

Discourage the use of public Wi-Fi networks, which can expose devices to malware and hackers. Instruct all employees to use cellular networks instead, to limit exposure to malicious actors who sit in public areas and attack devices on the same Wi-Fi networks.

If you don’t have access to cellular networks and your employees absolutely need to use public Wi-Fi, ensure they use a VPN to encrypt their internet activity.

8. Zero Touch Portal Enrollment

For Android devices, use a zero-touch portal to automatically configure apps and settings when the device connects to the network.

By using zero-touch, your IT team never has to worry about personal and business applications overlapping as zero-touch automatically makes sure that everything is set up safely.

9. Kiosk Mode

Along the lines of remote wipe and lock features, kiosk mode for enterprises using Windows OS and applications can be a critical tool for your IT team to lock down devices remotely, preventing access to certain applications and websites.

This is especially useful for devices in schools, logistics, retail, and self-service businesses where there’s a lot of use by unvetted parties.

10. Geofencing

Use geofencing to track on-site vehicles and personnel, setting up alerts when a device enters or leaves a predefined geographical area. This is more of a niche use case, but in certain situations, geofencing can be extremely critical to make sure that devices aren’t stolen or taken somewhere that they’re not supposed to be.

For retail businesses or events companies, geofencing can be extremely useful to ensure that your mobile devices are kept safe and sound.
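How a geofence alert can be derived from raw location fixes, as an added example (not code from any MDM product): it reports enter and leave events for a circular fence and uses a buffer band around the edge so GPS jitter at the boundary does not trigger repeated alerts. The coordinates, radius, buffer, and timestamps are constructed.

```python
import math

EARTH_RADIUS_M = 6_371_000

def distance_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres (haversine formula)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))

def geofence_events(fixes, center, radius_m, buffer_m=25):
    """Return [(timestamp, 'enter' | 'leave')] for (timestamp, lat, lon) fixes.

    A device counts as outside only beyond radius + buffer and as inside only
    within radius - buffer, so jitter near the edge does not flap the alert.
    """
    inside = None  # unknown until the first unambiguous fix
    events = []
    for ts, lat, lon in fixes:
        d = distance_m(lat, lon, *center)
        if d <= radius_m - buffer_m:
            now_inside = True
        elif d >= radius_m + buffer_m:
            now_inside = False
        else:
            continue  # in the buffer band: keep the previous state
        if inside is not None and now_inside != inside:
            events.append((ts, "enter" if now_inside else "leave"))
        inside = now_inside
    return events

# Constructed sample: a 200 m fence around a made-up site, fixes moving north.
CENTER = (40.0, -75.0)
FIXES = [
    ("09:00", 40.0005, -75.0),  # about 56 m from center: inside
    ("09:05", 40.0018, -75.0),  # about 200 m: in the buffer band, ignored
    ("09:10", 40.0017, -75.0),  # about 189 m: still in the band
    ("09:15", 40.0030, -75.0),  # about 334 m: clearly outside -> leave
    ("09:20", 40.0019, -75.0),  # about 211 m: in the band, ignored
    ("09:25", 40.0010, -75.0),  # about 111 m: clearly inside -> enter
]

if __name__ == "__main__":
    print(geofence_events(FIXES, CENTER, radius_m=200))
```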

Keeping your company-owned mobile devices safe, secure, and efficient requires a multi-faceted approach that includes a whole list of iconic IT abbreviations like MDM, MAM, MCM, MIM, MTD, and even UEM!

The use of mobile devices inside and outside of the workplace is not a trend that is going away anytime soon. As a business owner, it’s up to you (as always) to make sure your mobile device networks are secure, safe, and accounted for at all times.