By Marty Puranik
Managing mobile devices is a particular challenge, and one that has grown in importance as mobile use has increased. It’s been two years since mobile use first had the lion’s share of the traffic, with desktop browsing dropping to 48.7% per a prominent 2016 analysis (with tablets and mobile browsing representing 51.3% of traffic).
Beyond the fact that they are being used increasingly, mobile devices could be considered data escape vehicles. See a report released in March by Eva Galperin and Andrew Blaich of the Electronic Frontier Foundation (EFF). Galperin used the example of the international malware Dark Caracal, which infected thousands of users in nearly two dozen nations. The assault used decoy apps (fake but very similarly designed to the real versions) to trick people into installing them. The malware then allows the hackers to use the devices. “Getting a look into someone’s personal device is tremendously personal,” said Galperin. “[I]t’s like getting a look into their mind.”
In this climate, studying how to control usage and data access on mobile devices is critical. Here are a few fundamentals to move forward:
Bolster your cybersecurity.
A key concern when managing mobile devices is, of course, security, as described in the introduction. Since that’s the case, it’s important to move swiftly to create a mobile device security policy, making it clear exactly how you will mitigate risk while not damaging the user experience. To control your data ecosystem, build in strong policies and keep strengthening your security protections and policies. A simple concern is that your software and hardware should all be updated to the current versions. By making sure you’re using the latest versions, you know you are optimally prepared for security issues, that you are as stable as possible, and that you are as fast as possible.
Differentiate policies for different devices.
First, be aware that your security extends beyond smartphones: laptops, wearables, and other mobile devices are also included. Your security policy should be comprehensive but should also appropriately address the specific risks presented by each type of device. You also want to make sure that you are integrating your mobile approach with the approach you are taking toward the Internet of Things (IoT). Your security approach can be more cohesive by taking the IoT into account since it, too, will become increasingly prominent.
You will want a policy that forms a program to inform everyone on your staff about mobile device security and management policies, as well as specific threats to mobile devices. Increasingly, an expectation within the workplace is that a person is able to hook up their own connected devices to the network so that they can access applications, get updates of calendars, and get new email. While the individual may own the device itself, the organization is the owner of the data that is stored on it – or at least the data relevant to the company.
Think about consistency.
Bring your own device (BYOD) is diverse by nature: everyone is bringing their own devices, so the types of devices are virtually limitless. When you are working on a management policy, think about how you can create consistency and tie things together. One example beyond mobile device management software is that you may want to have Outlook or a similar service for email, across all devices, rather than email access being decided on a device-by-device basis.
Communicate acceptable use.
Through an acceptable use policy (AUP), you can let everyone on your team know what the restrictions and guidelines are on their activities if they want to use the Internet or network. Staff members and students at academic institutions and for-profit companies typically have to sign an AUP before they are given a network ID.
Typically, an AUP will state that the user will not use the account to perform dubious behavior, such as sending commercial email to recipients who have not requested it; spamming a site with huge volumes of fraudulent email to overwhelm servers; attempting to sabotage the security protections of the network; or using the system for illegal purposes.
Consider biometrics for identification.
Determine whether it makes sense to authenticate people through retina scanning, fingerprint scanning, vocal recognition, or other biometrics. Biometrics has been challenged historically; however, mobile device use has spurred significant innovations and improvements in the technology.
Build a sharp wearables approach.
The healthcare sector is starting to identify more strategies to leverage wearables in order to monitor patients beyond the walls of a healthcare environment. When establishing policies and implementing protections for wearables, healthcare organizations will have to resolve many of the same issues that any business does; beyond that, they have the additional layer of healthcare compliance, particularly with HIPAA. You want to make sure your treatment of the devices adheres to a broad and cohesive mobile device management plan, and that it is controlled via coherent governance.
Consider remote wiping and other key administration.
Defining the scope of acceptable use is not enough. You also need to have the appropriate IT administrative tools in place to manage certain aspects of devices, such as remote wiping. A key security best practice, remote wiping is the clearing off of data from a device when you send it to get fixed or sell it, or when it gets lost or stolen.
To wipe devices, one option is to use Microsoft Exchange ActiveSync or a similar service. You can wipe the accounts of individuals through consumer cloud services, one by one. The other option is to use mobile device management software and allow the MDM environment to help you with an interface through which you can request remote wipes of any BYOD devices.
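As an added illustration of the Exchange ActiveSync option (example code, not from the original article), the PowerShell function below requests an account-only wipe of one device partnership and then reports whether the device has acknowledged it. It assumes an Exchange management session is already connected and an Exchange version that supports the `-AccountOnly` switch; the function name `Invoke-ByodAccountWipe` and its parameters are hypothetical.

```powershell
# Added example: account-only remote wipe of a single BYOD device through
# Exchange ActiveSync. Assumes a connected Exchange management session.
# Function and parameter names are hypothetical; the cmdlets are Exchange's own.
function Invoke-ByodAccountWipe {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string]   $Mailbox,       # owner of the device
        [Parameter(Mandatory)] [string]   $DeviceId,      # DeviceId as listed by Get-MobileDevice
        [string[]]                        $NotifyAddress  # optional: who is told when the wipe completes
    )

    # Resolve exactly one ActiveSync partnership so the wrong device is never wiped.
    $device = @(Get-MobileDevice -Mailbox $Mailbox | Where-Object DeviceId -eq $DeviceId)
    if ($device.Count -ne 1) {
        throw "Expected exactly one device '$DeviceId' for $Mailbox, found $($device.Count)."
    }

    $target = "$($device[0].FriendlyName) ($DeviceId) of $Mailbox"
    if ($PSCmdlet.ShouldProcess($target, 'Account-only remote wipe')) {
        # -AccountOnly removes the Exchange mailbox data only, leaving the
        # owner's personal data in place, which suits employee-owned devices.
        $wipe = @{ AccountOnly = $true; Confirm = $false }
        if ($NotifyAddress) { $wipe.NotificationEmailAddresses = $NotifyAddress }
        $device[0] | Clear-MobileDevice @wipe
    }

    # The wipe is delivered on the device's next sync. An empty DeviceWipeAckTime
    # means the device has not confirmed it yet (for example, it is offline).
    Get-MobileDeviceStatistics -Mailbox $Mailbox |
        Where-Object DeviceId -eq $DeviceId |
        Select-Object DeviceFriendlyName, DeviceId, LastSuccessSync,
                      DeviceWipeRequestTime, DeviceWipeSentTime, DeviceWipeAckTime
}

# Dry run first (placeholder values): shows what would be wiped without doing it.
# Invoke-ByodAccountWipe -Mailbox 'user@example.com' -DeviceId 'PLACEHOLDER-ID' -WhatIf
```

Re-running the final `Get-MobileDeviceStatistics` query later is how an administrator confirms that a lost or stolen device actually received the wipe rather than assuming it did.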
Tie in third-party systems as helpful.
Look at independent products that you might be able to leverage in your firm, to improve the way you accomplish management. Determine how solutions might make it easier for you to properly update and manage smartphones and tablets from different manufacturers.
Beyond what you need directly to manage your devices, be certain that all aspects of your environment are backed by strong, HIPAA-compliant infrastructure. When building and customizing healthcare infrastructure or managing the traffic that runs through a healthcare network, partnering with a host that has niche sector expertise makes sense to many organizations.