Febrero 8, 2019

Essential mobile device policy considerations for growing businesses

Jim Haviland


Employees at virtually every business, regardless of size, are increasing their use of smartphones for work. More mobility is almost always good for business, but companies need to take control of mobile usage to manage risk and maximize productivity. Every business should have sensible mobile device policies, and most should deploy a mobile device management (MDM) solution that provides control over operating systems, apps and device access.

The first policy bridge to cross is whether you provide the devices yourself or manage a bring-your-own-device (BYOD) policy. Some businesses choose BYOD for economic reasons, although rigorous analysis suggests corporate-liable devices actually cost less.


What to include in your mobile device policy

Regardless of which path you choose, it is essential to put a firm policy in place. For example, you should require employees to update operating systems promptly. If you own the devices and operate an MDM, this is easy. If you choose BYOD, you can at least create a policy requirement stating that employees must apply OS updates as soon as they are available. This will reduce the risk of device compromise and demonstrate that you are making a reasonable effort to protect customer data.

Be clear with your staff about your intention to protect company data while also honoring their privacy. Without transparency on these points, employees might assume the worst and work against you. Set rules about what sorts of work can be done on personal devices and what sorts of work should be done only on company-owned devices. This should extend to what sort of personal use can happen on corporate technology, including what sorts of media and apps are considered inappropriate for the workplace or a threat to mobile security.

If you are BYOD, be sure to monitor your compliance with state and federal rules involving compensation, reimbursements and benefits for corporate usage of employee-owned devices. This is an area where BYOD can become problematic.


Elements of a sound mobile device policy

Implementing the following requirements in your device policy will help to address your greatest risks.

  • Any device that is used to access information associated with your business must meet minimum security and management standards, as outlined in the policy.
  • Security and management standards should be subject to change and managed by an automated MDM tool that will restrict device access or remove company information in response to perceived threats.
  • Devices should be locked when not in use, with encryption enabled.
  • If a device is lost, stolen or misplaced, management must be notified immediately. Part of making this policy work is (1) making certain information is stored off the device in the cloud and (2) communicating that in the event the device is wiped, the data will be saved. If people believe their information will be preserved during a remote wipe, they will be quicker to admit when they have misplaced it.
  • Policy should be spelled out in a document from HR or top management that makes it clear that compliance is a condition of employment.

If you are rolling out a policy for the first time, be aware that you will likely be making updates as your usage matures, the devices evolve and the threat landscape changes. Assure employees that you will re-evaluate the policy as you go, especially if you expect some people to be wary of increased device control.


How to manage your policy with MDM

With your policy written and communicated, you will need a toolset to monitor and enforce your policy. MDM packages have matured over the past decade to include a wide range of controls, content management functions (to share documents or restrict their distribution) and mobile app and website management capabilities.

The following common MDM controls can help you choose the right solution.

  • Require a passcode: The most basic security feature of smartphones, on-board encryption, doesn’t happen until there is a passcode on the device. Fingerprint scans and facial recognition are easy to use and reliable, so it isn’t really that much to ask of users.
  • Enforce OS updates: Security vulnerabilities are discovered on a regular basis and then fixed by the makers of the devices and operating systems. Devices running old versions of operating systems remain vulnerable to new threats.
  • Restrict rooted devices: MDM can immediately report devices that have been compromised and block them from accessing company information.
  • Allow only approved apps: Allowlist apps for use on your phones, and prohibit downloading of all other apps.
  • Force regular backups of files and configurations: Take advantage of cloud backup to store data created and collected on devices.
  • Require the use of location services: All devices should be able to be located and managed at all times.
  • Control usage: By specifying Wi-Fi networks and using geofencing, you can disable devices and generate administrator notifications when a device is removed from a designated area. You can also force devices to reconfigure between shifts or go into a single app or kiosk mode during certain hours.

There are many MDM software packages on the market, mostly offered on a subscription basis. Samsung Knox Manage is a great example of a full-featured but straightforward MDM. It offers consistent management support for all the major operating systems, including iOS, Android, Windows 10 and Tizen, so you can include wearable devices and traditional computers in your policy.

Enforcing all these rules is easier when you own the devices. If your plan is to have mobile devices as part of your operation, it is most certainly easier to purchase devices that you know comply with your minimum requirements, are uniformly manageable by your tools to your policies and can provide a consistent user experience to your users.

If you have sensitive information to manage and reason to use it on the go, buy devices for your employees, use an MDM to make employees very productive while limiting nonbusiness usage, and then sleep well at night.

Small businesses can purchase Knox solutions and devices from approved resellers.

[Ícono] cerrar

Obtenga la solución adecuada para su empresa

Únase a más 25 000 organizaciones de todo el mundo.

[Ícono] maletín
¿Es un distribuidor o socio de soluciones?

Obtenga acceso al programa de socios de Knox para disfrutar de herramientas útiles para socios, como el portal de Knox Deployment Program, el portal de MSP de Knox, los SDK de socios y mucho más.

[Ícono] información
Unified Endpoint Management
Knox Suite
Cambios de marca y personalización
Knox Configure
Protección contra el fraude y el robo
Knox Guard
Plan de protección de dispositivos
Samsung Care+ for Business
Otros productos y servicios

Comience con

[Imagen] Knox Suite

Paquete de soluciones todo en uno para ofrecer movilidad empresarial.

[Ícono] Marca de verificación

Únase a nosotros y obtenga una prueba gratuita de 90 días de Knox Suite y otros productos Knox. * Se quiere aprobación

[Ícono] Marca de verificación

Un conjunto completo de herramientas para proteger, implementar, administrar y analizar los dispositivos móviles corporativos de su empresa.

[Ícono] Marca de verificación

Pruebe funciones potentes incluidas en Knox Suite, como el soporte remoto de Knox.

Knox Suite incluye lo siguiente:

[Ícono] Knox Platform for Enterprise Knox Platform for Enterprise
[Ícono] Knox E-FOTA Knox E-FOTA
[Ícono] Knox Mobile Enrollment Knox Mobile Enrollment
[Ícono] Knox Asset Intelligence Knox Asset Intelligence
[Ícono] knox manage Knox Manage
[Ícono] knox capture Knox Capture

Comience con

[Imagen] Logotipo de Knox Configure

Configure de forma remota los dispositivos Samsung en masa y personalícelos según las necesidades específicas, desde el primer momento.

[Ícono] Marca de verificación

Después de obtener la aprobación, puede probar lo siguiente::

  • Setup Edition: diseñada para una única implementación
  • Dynamic Edition: implemente y actualice las políticas tantas veces como sea necesario sin tener que realizar un restablecimiento de fábrica.
[Icon] Check mark

Pruebe Setup Edition o Dynamic Edition de Knox Configure en hasta 30 dispositivos.

[Icon] Check mark

Obtenga una prueba gratuita de Knox Suite tras recibir aprobación para probar nuestro UEM.

Comience con

[Ícono] Logotipo de Knox Guard

Controle de forma remota los dispositivos Samsung para reducir los riesgos financieros y proteger los activos.

[Ícono] Marca de verificación

Tras obtener la aprobación, genere una licencia de prueba gratuita por 90 días.


Pruebe todas las funciones de Knox Guard en hasta 30 dispositivos, incluidos el control de SIM y el bloqueo de dispositivos.

[Ícono] Marca de verificación

Obtenga una prueba gratuita de Knox Suite tras recibir aprobación para probar nuestro UEM.

Comience con

[Imagen] Logotipo de Samsung Care Plus For Business

Proteja sus dispositivos empresariales contra daños accidentales y fallas mecánicas-

[Ícono] Marca de verificación

¿Ya es cliente de Samsung Care+ for Business? Cree una cuenta y acceda a la consola Samsung Care+ for Business.

[Ícono] Marca de verificación

Comuníquese con el equipo de ventas de Samsung y obtenga tranquilidad en la gestión de sus dispositivos.

Otros productos y servicios

[Imagen] Otros logotipos
[Ícono] Marca de verificación

Samsung ofrece soluciones adicionales para satisfacer las necesidades únicas de su empresa. Comuníquese con un experto de Samsung hoy.

Volver al principio