Ten tips on how effective MDM can be in nullifying mobile threats
In addition to the threats above, many other things can compromise mobile security, such as poor passcodes or unauthorized access to Exchange. Let's see how Mobile Device Manager Plus, our MDM solution, can bolster mobile security:
- Enforce strong passcodes Ensure devices have non-guessable passcodes that adhere to your organization's compliance standards.
- Control OS updates Ensure devices are always running the most secure OS version by either immediately deploying the securest version, or delaying devices from being updated to a version with known security issues.
- Secure network access Prevent access to unsecured Wi-Fi networks and also ensure corporate data is only accessed using VPN (apply to the entire device or specific apps). You can also ensure all network communications are routed through your organization's proxy, and blacklist unauthorized URLs.
- Manage access to mailboxes Ensure only devices enrolled with Mobile Device Manager Plus can access Exchange mailboxes, which are bound to contain corporate data.
- Secure lost devices Identify misplaced devices by remotely obtaining the device location or raising an audible alarm. Marking a device as lost will lock it, preventing any kind of unauthorized device usage. In the case of macOS machines, you can configure a firmware password to prevent devices from starting up from any internal or external storage device other than the startup disk you've selected.
- Control apps Ensure only enterprise approved apps are installed on devices by creating your own enterprise app catalog and blacklisting non-approved apps. Limit users’ access to only select whitelisted apps by whitelisting them using Kiosk Mode, which also restricts users from modifying preconfigured device settings.
- Enable geofencing In addition to identifying device location, you can also restrict devices to a particular geographical range (say, your organization's premises) to ensure corporate data stays put.
- Encrypt corporate data Ensure there is no unauthorized access to your corporate data by encrypting it using the encryption options available on the device. For macOS machines, you can configure FileVault to encrypt the entire machine on the fly without affecting productivity.
- Containerize corporate data In the case of personal devices, you can ensure only corporate data is managed, while having zero control over employees’ personal files, through containerization.
- Restrict device
functionality To boost security even further, you can restrict basic device functionalities such as screen sharing or saving data in third-party cloud services. These security controls ensure corporate data can’t leave the device.