Have any of these scenarios happened to you?
- An employee loses their laptop or tablet, or has it stolen while working at a coffee shop or stepping out of their car at a convenience store.
- An employee or one of their children downloads a “neat game” on the internet that introduces a malware that steals or locks up important business information
- A former employee refuses to return their company provided phone or laptop. You’re concerned that they want to keep your client’s files so that they can work for one of your competitors–or become a competitor themselves.
If they haven’t, you’re lucky. Stories like these happen every day. In our practice with our clients, I can think of at least 3 similar stories that have happened to our clients. In this new world of “hybrid work” where home and work environments overlap, this will happen more and more.
The loss of this data can be very expensive. In once case, it cost one small business over $100,000 to resolve the incident.
What Can Be Done?
There are ways to manage portable and personal devices that contain your corporate files, data, and information. To begin, we first need to define some terms:
- Bring your own device or BYOD: This is where a business allows employees to use their own device (Android, personal laptop, iOS, or iPad) for work purposes. Sometimes, the business will provide a stipend such as paying the employee’s cell phone charges as compensation.
- Corporate devices are cell phones, laptops, or tablet that are owned by the business which are then signed out to employees who need them for work.
- Managed Device Management or MDM: This is the acronym we use for managing Corporate-owned devices.
- Managed Application Management or MAM: This is the acronym we use for managing corporate data on BYODs. Because the users own these devices, we don’t have the right to erase or reset them, but we can choose which applications they are allowed to have and what controls we will enforce in the corporate profile on their devices.
What can MDM and MAM Control?
- What applications can your employees use? (such at TikTok?)
- Can they cut and copy work documents and emails to their personal cloud accounts?
- Can they attach an external memory stick to the device?
- If their device is lost or misplaced, we can lock it, or have it give off an alarm sound to help them find it.
- We can erase all corporate information from it.
- We can reset it to factory.
- We can track its geolocation.
Here are 2 screen shots of how Microsoft’s MDM/MAM manager lists devices:
Yes, all devices are compliant with corporate security polices and no one is breaking any rules.
At a device level, we have many ways of ensuring that company data doesn’t end up in the wrong hands: Wipe (erase); Delete (factory reset); Remote lock; Reset the device passcode; Restart it; Play an annoying lost device alarm; or Locate device.
It’s a small price to pay for the peace of mind that comes with having a remote or hybrid workforce.