U.S. job growth is seeing an uptick as millions of Americans are getting vaccinated and states are loosening operating restrictions. Considering that businesses are hitting their stride in this new reality, let’s visit an important conversation for IT directors at every organization.
With a basic understanding of enterprise mobility and mobile device management, and a look at what options are available, companies should be able to move forward with confidence. This article sheds further light on some of the most important and complex decisions IT executives will need to make regarding enterprise mobility.
How Are BYOD Policies Vulnerable?
In today’s economy, and across many industries, working from home has become ubiquitous. As access to company data expands beyond the office, employees can expose the network to security threats through the use of their personal devices. Whether employees are using a mobile phone or a laptop, it is likely your company now has more exposure to new cyber threats. With the cybersecurity landscape evolving, it’s more important than ever to put smart policies in place.
While there are several ways companies can choose to organize mobile device management, each one has its limitations. Our advice is to research them all thoroughly before investing in any policy.
“Bring your own device,” or BYOD, policies can be implemented with complete MDM (mobile device management) control, limited MAM (mobile application management) policies, or simple MFA (multi-factor authentication). MFA allows for user authentication, but doesn’t provide the added security of device authentication. Keep in mind that MFA is no longer enough to ensure security, as bad actors and hackers can change a user agent string to make their Linux or Windows computer emulate the iOS or Android device of your employee.
The Evilginx attack of 2017 proved the vulnerability of MFA-only policies. This major event showed corporations and organizations around the world that MFA can be cracked with man-in-the-middle proxy attacks and other advanced phishing scams.
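The gap between user authentication and device authentication described above can be shown with a short access-policy check. This is an added example, not code from the article or from any MDM product; the `ENROLLED` store, the request fields and the HMAC challenge-response (standing in for a device certificate issued at MDM enrollment) are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed enrollment store: device_id -> key provisioned at enrollment.
# Hypothetical stand-in for the private key behind an MDM device certificate.
ENROLLED = {"dev-001": b"constructed-device-key-001"}
MOBILE_TOKENS = ("iPhone", "iPad", "Android")
IPHONE_UA = "Mozilla/5.0 (iPhone; CPU iPhone OS 17_0 like Mac OS X)"  # constructed


def ua_only_policy(req):
    """MFA-only: the platform is inferred from a header the client controls."""
    return req["mfa_ok"] and any(t in req["user_agent"] for t in MOBILE_TOKENS)


def device_proof(key, nonce):
    """Proof of possession: HMAC of the server's challenge under the device key."""
    return hmac.new(key, nonce, hashlib.sha256).hexdigest()


def device_bound_policy(req, nonce):
    """MFA plus device authentication against the enrollment store."""
    key = ENROLLED.get(req.get("device_id"))
    if not req["mfa_ok"] or key is None:
        return False
    return hmac.compare_digest(device_proof(key, nonce), req.get("proof", ""))


def evaluate():
    """Return {request name: (ua_only result, device_bound result)}."""
    nonce = secrets.token_bytes(16)      # fresh challenge for this sign-in
    old_nonce = secrets.token_bytes(16)  # challenge from an earlier sign-in
    key = ENROLLED["dev-001"]
    base = {"user_agent": IPHONE_UA, "mfa_ok": True, "device_id": "dev-001"}
    requests = {
        # Enrolled phone answers the current challenge with its key.
        "enrolled_phone": {**base, "proof": device_proof(key, nonce)},
        # Desktop presenting the same User-Agent with MFA satisfied, but no key.
        "spoofed_desktop": {**base, "proof": ""},
        # A proof captured from an earlier sign-in does not match the new nonce.
        "replayed_proof": {**base, "proof": device_proof(key, old_nonce)},
    }
    return {name: (ua_only_policy(r), device_bound_policy(r, nonce))
            for name, r in requests.items()}


if __name__ == "__main__":
    for name, (weak, strong) in evaluate().items():
        print(f"{name:16} ua_only={weak} device_bound={strong}")
```

All three requests pass the User-Agent check, while only the enrolled device passes the device-bound check.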
Pros and Cons of Bring Your Own Device (BYOD) Policies
When you are determining the best solution for your company, you should consider your company’s size, the type of information you need to store, and how many employees need remote access, among other factors.
There are three ways that companies can implement personal device security policies. Each policy has its own unique benefits and drawbacks, specifically when it comes to expense and employee morale.
In a structure where employees are forbidden from using personal devices for work, the company is providing all necessary computing and communications devices, including laptops, smartphones, and tablets.
Pros: This is the most secure option. When the company owns all the devices being used, it also has complete liberty and rights to enroll employees in a full mobile device management platform, such as Microsoft Intune. The company will have full administrative control over all the devices, including the ability to track locations and remotely wipe devices.
Cons: While you get the most protection managing a company-owned fleet of mobile devices, security has its price. To execute this strategy, the company needs to provide identical devices to all employees and cover the administrative overhead of enrolling all the devices. Depending on your company size and budget, the cost may rule out this policy as a viable option for now.
Allow BYOD and Require MDM Enrollment
Under this hybrid policy, employees are allowed to access work data using personal devices, but they are required to enroll the device into an MDM platform. This policy gives the employer the most control over the security of off-campus data with personal devices.
Pros: It’s more affordable. This option saves the company the expense of managing inventory of company-issued devices for every employee. Security will be just as solid as maintaining a company-owned device library, as long as employees comply with the device management enrollment.
Cons: Because this policy requires full enrollment in a mobile device manager, as opposed to a mobile application manager, employers will have the ability to track the locations and remotely wipe an employee’s personal device. As a result, this policy may be met with staff pushback and concern. Given that so many white-collar Americans are working from home at least part-time, employee privacy and employer surveillance are hot-button issues.
In addition, employees who use older devices may not be able to enroll in the MDM platform. If not all employees are able to comply, the company may struggle to apply the policy fairly and consistently.
Allow Personal Devices but Prevent Use of Mobile Apps with Company Data
In this scenario, employees are allowed to use their own devices but are prohibited from installing or using mobile apps to conduct business. In other words, employees would not be permitted to install their work email on their smartphone.
Pros: This policy is the most affordable option because it costs basically nothing and implementation is easy.
Cons: This strategy greatly reduces security because users are forced to use their device’s web browser to access company email or other documents. On smartphones, accessing email within a web browser can reduce usability, discouraging employees from checking their email while they are away from a computer. Most of the Office 365 apps used in Microsoft Teams would also be inaccessible, and users would not receive notifications for Teams chats or tags.
Secure Your Business Now
Like most business and enterprise technology decisions, choosing a method for securing company data will be unique to your company. There isn’t a “one-size-fits-all” solution to security for businesses, so it’s important to be thorough with your research.
Choose wisely! Windows Management Experts has the knowledge and experience to guide you through the mobile device management process. Contact us today for your enterprise mobility consultation and cybersecurity assessment to uncover your company’s most pressing vulnerabilities.