Creating and Maintaining a Mobile Use Policy

Mobile devices are changing how we conduct business by making it more convenient for people to work from any location.  However, this ease of use comes with an increased threat of corporate data loss. This is because the information is being transmitted from network connections with varying levels of protection.  To alleviate this problem, you need to enforce a company-wide mobile use policy.

A mobile use policy generally has three components:

  • An introduction details the purpose of the policy and its overall purpose
  • the scope of the policy dictates what mobile devices the policy covers and which ones are expected and
  • The policy itself, which covers both the technical and the user requirements.

Main Components of a Mobile Use Policy

Introduction– The policy needs to explain what mobile devices are and why they present a risk to your company if proper usability guidelines are not followed.  This helps employees and users understand why it is necessary to follow these guidelines in order to continue to have the privilege and convenience of working remotely.  

Afterwards, the introduction needs to dictate what your company intends to do with the mobile use policy.  Is the primary purpose simply to restrict employees from using certain devices, or to explain when and where they should be connecting to company servers?  These are the questions you need to ask yourself when deciding on what is the purpose of your mobile use policy.

Scope– The policy needs to specify what mobile devices it is referring to.  

  • In particular, it is important to distinguish between laptops and other mobile devices (because laptops are typically more secure than other mobile devices).  
  • Another important distinction is between corporate devices and personally owned devices (corporate devices may have their own policy set in place already).  
  • Finally, it’s important to detail what access is being restricted, and the exemptions to the policy (should any exist).

Technical & User Requirements– This is the main portion of a mobile use policy.   Technical requirements detail:

  • what operating system the devices must be running on as well as software that they need to have installed.  
  • In addition to these, it also explains what security measures the user needs to take (e.g. the devices must be configured with a secure password that complies with the company’s guidelines).  

As for the user requirements, it explains:

  • how users are expected to use mobile devices that are being used for work-related purposes.
  • It dictates how they should load data onto their mobile devices,
  • what they should do if they suspect their device has been tampered with,
  • what applications are and aren’t allowed,
  • what kind of encryption the device will need, and so on.  

Both of these requirements help to create a security standard for mobile devices; by doing so, it helps to make them as secure as the other devices that the company traditionally employs.

For creating mobile use policies and more information on mobility services, you can receive further assistance on the Mobility Services page of the TeamLogic IT website.