February 8, 2019

Essential mobile device policy considerations for growing businesses

Jim Haviland


Employees at virtually every business, regardless of size, are increasing their use of smartphones for work. More mobility is almost always good for business, but companies need to take control of mobile usage to manage risk and maximize productivity. Every business should have sensible mobile device policies, and most should deploy a mobile device management (MDM) solution that provides control over operating systems, apps and device access.

The first policy bridge to cross is whether you provide the devices yourself or manage a bring-your-own-device (BYOD) policy. Some businesses choose BYOD for economic reasons, although rigorous analysis suggests corporate-liable devices actually cost less.


What to include in your mobile device policy

Regardless of which path you choose, it is essential to put a firm policy in place. For example, you should require employees to update operating systems promptly. If you own the devices and operate an MDM, this is easy. If you choose BYOD, you can at least create a policy requirement stating that employees must apply OS updates as soon as they are available. This will reduce the risk of device compromise and demonstrate that you are making a reasonable effort to protect customer data.

Be clear with your staff about your intention to protect company data while also honoring their privacy. Without transparency on these points, employees might assume the worst and work against you. Set rules about what sorts of work can be done on personal devices and what sorts of work should be done only on company-owned devices. This should extend to what sort of personal use can happen on corporate technology, including what sorts of media and apps are considered inappropriate for the workplace or a threat to mobile security.

If you are BYOD, be sure to monitor your compliance with state and federal rules involving compensation, reimbursements and benefits for corporate usage of employee-owned devices. This is an area where BYOD can become problematic.


Elements of a sound mobile device policy

Implementing the following requirements in your device policy will help to address your greatest risks.

  • Any device that is used to access information associated with your business must meet minimum security and management standards, as outlined in the policy.
  • Security and management standards should be subject to change and managed by an automated MDM tool that will restrict device access or remove company information in response to perceived threats.
  • Devices should be locked when not in use, with encryption enabled.
  • If a device is lost, stolen or misplaced, management must be notified immediately. Part of making this policy work is (1) making certain information is stored off the device in the cloud and (2) communicating that in the event the device is wiped, the data will be saved. If people believe their information will be preserved during a remote wipe, they will be quicker to admit when they have misplaced it.
  • Policy should be spelled out in a document from HR or top management that makes it clear that compliance is a condition of employment.

If you are rolling out a policy for the first time, be aware that you will likely be making updates as your usage matures, the devices evolve and the threat landscape changes. Assure employees that you will re-evaluate the policy as you go, especially if you expect some people to be wary of increased device control.


How to manage your policy with MDM

With your policy written and communicated, you will need a toolset to monitor and enforce your policy. MDM packages have matured over the past decade to include a wide range of controls, content management functions (to share documents or restrict their distribution) and mobile app and website management capabilities.

The following common MDM controls can help you choose the right solution.

  • Require a passcode: The most basic security feature of smartphones, on-board encryption, doesn’t happen until there is a passcode on the device. Fingerprint scans and facial recognition are easy to use and reliable, so it isn’t really that much to ask of users.
  • Enforce OS updates: Security vulnerabilities are discovered on a regular basis and then fixed by the makers of the devices and operating systems. Devices running old versions of operating systems remain vulnerable to new threats.
  • Restrict rooted devices: MDM can immediately report devices that have been compromised and block them from accessing company information.
  • Allow only approved apps: Allowlist apps for use on your phones, and prohibit downloading of all other apps.
  • Force regular backups of files and configurations: Take advantage of cloud backup to store data created and collected on devices.
  • Require the use of location services: All devices should be able to be located and managed at all times.
  • Control usage: By specifying Wi-Fi networks and using geofencing, you can disable devices and generate administrator notifications when a device is removed from a designated area. You can also force devices to reconfigure between shifts or go into a single app or kiosk mode during certain hours.

There are many MDM software packages on the market, mostly offered on a subscription basis. Samsung Knox Manage is a great example of a full-featured but straightforward MDM. It offers consistent management support for all the major operating systems, including iOS, Android, Windows 10 and Tizen, so you can include wearable devices and traditional computers in your policy.

Enforcing all these rules is easier when you own the devices. If your plan is to have mobile devices as part of your operation, it is most certainly easier to purchase devices that you know comply with your minimum requirements, are uniformly manageable by your tools to your policies and can provide a consistent user experience to your users.

If you have sensitive information to manage and reason to use it on the go, buy devices for your employees, use an MDM to make employees very productive while limiting nonbusiness usage, and then sleep well at night.

Small businesses can purchase Knox solutions and devices from approved resellers.

[Icon] close

Get started with Samsung Knox

[Icon] suitcase
Are you a reseller, solution provider, or service provider?

Become a Knox Partner and grow your business today.

[Icon] info

Select a Knox product to start with:

All-in-one Bundle
Knox Suite
Rebranding and Customization
Knox Configure
Fraud and Theft Protection
Knox Guard
Device Protection Plan
Samsung Care+ for Business
Other products & services

Get started with

[Image] Knox Suite

All-in-one solution bundle for enterprise mobility.

  • Get a free 90-day trial for up to 30 devices.
  • A complete set of tools to secure, deploy, manage, and analyze your corporate devices.
  • Try powerful features bundled with Knox Suite.

Knox Suite includes:

Knox Mobile Enrollment Free
Knox Manage
Knox Asset Intelligence
Knox Platform for Enterprise Free
Knox Remote Support
Knox Capture
Knox Authentication Manager

Get started with

[Image] Knox Configure Logo

Rebrand and customize your Samsung devices.

  • Get a free 90-day trial for up to 30 devices.
  • Remotely configure Samsung devices in bulk and tailor them to specific needs, right out of the box.
  • Set up your devices for a one-time deployment, or update them as much as you want.

Get started with

[Icon] Knox Guard Logo

Fraud and theft protection for Samsung devices.

  • Get a free 90-day trial for up to 30 devices.
  • Reduce financial risks and protect assets by remotely controlling Samsung devices.
  • Try all the features of Knox Guard, including SIM control and device locking.

Get started with

[Image] Samsung Care Plus For Business Logo

Device protection plans for your Samsung devices.

  • Limit business interruptions with quick device repairs and replacements. Contact the Samsung sales team to get started.
  • See all your device coverage and claim information in one place.
  • Already purchased Samsung Care+ for Business? Create an account and activate your plan on the Samsung Care+ for Business console.

Other products & services

[Image] Others logo

Modern solutions to address your unique needs.