February 22, 2019

How to Make Security Policies for BYOD Mobile Device Management

Many enterprises leverage bring your own device (BYOD) policies to help curtail the cost of trying to outfit every employee with a company-owned mobile device. A BYOD policy can have benefits beyond saving money on mobile devices—such as allowing remote employees to continue using the devices they’re already familiar with.

However, allowing employees to use personal devices for work also carries risks—which is why many organizations with BYOD policies also use mobile device management (MDM) software and create strong security policies for mobile devices.

How can you make strong security policies for BYOD mobile device management? Here are a few tips to help you close common security gaps:

1) Enforce Encryption ASAP for Optimal BYOD Mobile Device Management

One of the most basic and necessary security policies to enable when working with remote employees using mobile devices is to encrypt all sensitive information that may be stored on those devices. Enforcing encryption on mobile devices may not keep the devices from being stolen in the first place, but it can delay thieves from being able to leverage the data on the stolen device until you can use device tracking features to recover the device or take appropriate measures to prevent the stolen data from being used to commit fraud.

2) Ensure Employees Understand the BYOD Security Policy

Here’s a question for you: How often do you really read the entire list of terms and conditions for a piece of software? If you’re like most Americans, you probably don’t. According to a Deloitte survey cited by Business Insider, “over 90% of consumers accept legal terms and conditions without reading them.”

People are often busy, and don’t have time to read a novella written in legal jargon—they want to be able to get to whatever they were trying to access and get on with their day. However, when employees apply this attitude to the security policies meant to protect the company, this can cause issues—especially if the BYOD policy allows the company to make alterations to data and apps stored on an employee-owned mobile device.

Taking the time to spell out crucial standards and expectations in the BYOD policy to employees is crucial for ensuring compliance. It is also vital for avoiding potential liability issues. Some ways to communicate these expectations include setting up an email highlighting “plainly-worded” versions of the mobile device security policy or hosting small training sessions to showcase important sections.

3) Find a Solution with Codeless Security Configurations

Writing custom code to create new security configurations is expensive and time-consuming. Between finding an experienced expert to write the custom code, rigorously testing that code to make sure it isn’t causing conflicts with the company’s apps, and applying the custom code to every mobile device in the enterprise, there can be a near endless cycle of work to keep up with.

However, by using a codeless security configuration tool, you can save significant amounts of time and effort on setting up custom security policies for managing mobile devices. Rather than writing countless lines of custom code, the enabling or disabling of a security parameter is reduced to a single click.

Additionally, by using a codeless security configuration tool, you aren’t relying on a single IT resource to enable and maintain your security policies and parameters. This gives you more flexibility for managing your security configurations and reduces the time, money, and labor spent on managing security for mobile devices.

4) Enforce Frequent Software Updates for All Operating Systems and Software

Mobile application developers are constantly working to find and fix security vulnerabilities in their software. Falling behind on the operating system and software security patches they release in response to newly-discovered vulnerabilities exposes your organization to unnecessary risks. So, when creating a BYOD security policy, it’s important to specify the need for users to keep up with their security patches.

In fact, it may be helpful to deploy a mobile application management tool that can be used to force security updates remotely—though it’s important to make sure employees know that this software will be installed on their mobile devices and what it will be used for.

How Kandji Helps Close Common BYOD Policy Security Gaps

Kandji is a security configuration tool for macOS devices that eliminates the guesswork from creating strong security policies on the mobile devices used by remote workers. Kandji closes some of the classic security gaps in a BYOD policy by:

  • Performing Repeated Checks for Security Policy Settings. Many security policies are treated like a “fire-and-forget” solution—only to be promptly disabled on the device. Kandji performs a security policy check every three minutes to prevent such tampering. This check works while offline by using cached data about the security settings.
  • Turning Security Configuration Management into a One-Click Process. Instead of having to create a custom code for each new security policy, Kandji allows users to turn custom security configurations on and off with the click of a button. Custom, role-based blueprints using specific combinations of security settings can also be created to make onboarding new macOS devices even faster. This helps ensure that every device is protected.
  • Providing a Dashboard Showing Each Device’s Security Status. Kandji’s dashboard view allows admins to check the current security status of every macOS device registered to the organization at a glance. In the dashboard view, admins can check each computer’s security status (online & secure, offline, online with an alert, and missing), total security event remediations, and the active blueprint assigned to specific computers.

Need help securing the macOS devices your remote employees use on the company BYOD policy? Try Kandji for free today.

Subscribe to the Kandji Blog