In the era of bring-your-own-devices, companies have a choice to make: Do we provide our own devices for employees to use, or do we let them bring personal devices in for work purposes? But how does a company protect themselves from data leaks, hacks, and other perils that come with multiple access points?
Personal devices open the door for data leaks and hacks because they’re often less protected than business devices. Human error can lead to copy and pasting sensitive information into the wrong email address, sharing on social media, or messaging to the wrong person. Further, copy and pasting sensitive information and sharing through any type of technological device makes an easy target for hackers to pick.
Mobile Device Management (MDM)
Before personal devices became commonplace, Mobile Device Management (MDM) was the primary way to deal with mobile devices. Company-issued devices could be tracked, managed and secured through these practices. MDM practices include:
- Device activation
- Enrollment
- Remote wipe
- Remote lock-out
- Managing enterprise applications
- Configuring Wi-Fi access
These required a signed agreement for the company to delete data.
However, this heavy restriction on devices became difficult to implement as personal devices became widely spread. In fact, according to research done by Dell, 60% of people reported use of a personal device for work purposes. Employees were resistant to the idea of having their entire devices wiped should anything happen with their employer. A more precise way to implement restrictions was needed.
Mobile Application Management (MAM)
A better way to control data management is through Mobile Application Management (MAM). This setup is ideal for companies who don’t want to provide all devices needed for work or who utilize contractors and consultants who need to be able to access data that’s relevant to their services.
MAM targets applications on a device, rather than covering the entire device itself. This means personal devices can still be used, but restrictions to work-related applications apply (like copy and paste restrictions, encryption, gated access, etc.) Because personal devices are so prevalent and will often be used at work, this is typically a better choice for businesses.
MAM is used to:
- Resolve the issue of multiple devices
- Separate personal use from work use, targeting work-related applications alone
- Comply with GDPR standards
- Remote update and patch software for improved security
- Require multi-factor authentication
- Encrypt sensitive information
- Remote wipe work-related apps and information
- Restrict access
- Restrict ability to copy/paste within work applications
- Enforce the use of passcodes
- Control access and feature options within applications
How Does this Affect Your Business
Your employees may need to use a phone or tablet for their job. If your company provides it, you can implement MDM practices, but be sure to notify your employees up front. They should know to keep their personal and professional devices separate, given the possibility of a complete data wipe as needed.
Even if you decide to go the MDM route, we recommend adding MAM features, as well. Restricting access is a good way to protect your company from data leaks.
All of your employees have personal devices that they bring to work. If you’re not confiscating them upon entry to your building, your employees are using them on-site. Any job-related activities that your employees may want to link to their personal phones should require some best practice preventative measures:
- Access codes required for entry
- Restricted access to highly personal, sensitive data
- Copy and paste restrictions
- Encryption and secure network protocols
Who To Call for Help
With all the personal devices floating around your workplace, it’s better to err on the side of caution. Regulating so many devices can be an overwhelming task for a small IT department. Contact a managed service provider (MSP) who knows regulatory compliance, understands application management and has a strategy to help you implement MDM and MAM as you require.
If you’ve never met with an MSP before, here’s a list of some of the best questions to ask (to get you started).
Subscribe to our blog
