To make sure all staff are using mobile devices securely, you can:
- use software to remotely control and monitor devices
- implement mobile security policies
Using software to keep devices secure
A mobile device management (MDM) solution can help protect your organisation’s information on smartphones and other mobile devices. This allows you to remotely control, monitor and enforce policies on employee’s mobile devices and wipe devices if lost or stolen.
Decide whether you need an MDM solution
Consider the following questions:
- Are you supplying company devices or allowing staff to bring their own device?
If you’re supplying phones, you can control how they are set up. You can ensure they use a PIN, are encrypted, and that ‘remote wipe’ is enabled. Combining this approach with a smartphone use policy may be enough to protect your data.
- How many devices will you use across the organisation?
If there are only two or three devices being used, you may be able to manage these manually and combine them with a smartphone use policy.
- Can you make sure staff cannot access organisation’s services or data if not authorised to do so?
Do you have services or data that can be accessed by staff remotely using standard smartphone apps (such as a web based email system)? If so, using an MDM solution can prevent access without the device first being enrolled and managed. It is difficult to prevent this with a smartphone use policy alone.
If this is the case, consider how your data is stored and accessed in general and whether you can find a solution that offers better data protection.
Decide what you need an MDM solution to do
Not all MDM solutions are the same. Consider the key functions you need, for example:
- self-service enrolment - if allowing staff to use their own device, or rolling out a large number of phones, you may want users to be able to enrol their devices themselves or an automated enrolment process
- a simple policy and wipe approach - allows you to set a policy such as requiring a PIN, then wipe a device if it is lost
- conditional access - block access from devices that don’t meet certain requirements, such as running risky apps
- deploy and manage applications - the ability to manage the apps and deploy new apps may be useful if managing a lot of devices
- reporting - if you have an IT department you may want daily in-depth reports, or just an email alert when there is a significant problem with a phone and a basic monthly health report
- supported phone types - if you are supplying company devices, choose an MDM that works for your chosen platform (Android or iOS) or one that supports both for personal devices
You should also consider:
- how easy it is to manage the MDM solution - for most organisations, a web based service that is run and maintained by the vendor is easiest, but organisations with specific needs may consider hosting a running a solution themselves within their own IT department
- how the MDM solutions manages the devices - if the solution uses a separate agent or app running on the device to manage it, this means it needs to be kept up to date, so a solution with built-in management features can be more reliable and secure
- app store integrations - you may want a solution that hooks into the device’s app store, as this will be more reliable and secure
For more information, follow the National Centre’s device security guidance.
Creating policies to keep devices secure
To make sure staff follow the advice on keeping mobile devices secure, create a smartphone use policy.
Your policy will look different depending on whether you allow staff to bring their own device or supply company phones.
If you allow staff to use personal devices, you will need a policy in place to complete the Data Protection and Security Toolkit.
Download the following templates from Digital Care Hub to get started:
- Smartphone policy template - bring your own device (downloads in a Word document)
- Smartphone policy template - company devices (downloads in a Word document)
For more guidance on keeping devices secure and protecting your information, visit the Better Security, Better Care website.