Most employees should know that what happens on work devices isn’t private. Many will still use work devices for personal activities like banking, shopping, using social media, or sending personal emails. Most companies already have acceptable use policies for their work property. While acceptable use policies don’t guarantee good behavior on part of your employees, it can potentially help reduce the risk of losing a lawsuit from a former employee (but again, talk to a lawyer).
However, while acceptable use policies for company property have been prevalent for years, the rise of mobile working has complicated some of these policies. To top it off, while most employees are at least cautious about their work computers, people can be less cautious on their personal mobile devices. But it isn’t just about what personal activities they do on their devices—they may be completely unaware of the potential data you could have on them. Many MDM solutions allow you to track GPS locations for each device. This is certainly useful for recovering stolen devices, but it raises some privacy concerns for someone who may not want their employers being able to track their location at any given time.
Beyond that, many MDM solutions allow you to track nearly anything on a given device—including incoming and outgoing text messages and calls, applications downloaded (and their data), photos, and much more. Employees could easily be surprised when they find out how much information their employer can see on devices they bring to work. Beyond this, it could even leave you—or your client—open to potential lawsuits if you aren’t careful about how you deal with their personal data.
What You Can Do
First off, nothing in here constitutes legal advice. If you offer a BYOD policy or use an MDM solution, speak with legal counsel first. They need to help you draft policies to both protect you and your customers. But don’t just stop at what you need to draft—you’ll want to know where and when you must inform customers. This may differ depending on laws in your local jurisdiction, but you’ll likely need to gain employees’ consent before gaining access to devices.
Second, beyond speaking with legal counsel, it’s a good practice to remind employees fairly regularly of any important policies for both company-provided and personal devices. They should know that, for example, if they hook up their iMessage accounts to a company-managed Macbook so they can send messages to friends, employers could see their text messages. You may want to encourage them to only access their private data only on their own secure home networks and devices rather than bringing them in.
Finally, remember that part of your job involves securing not just a company’s data, but the business itself. An MDM solution only plays a role in security—you need other layers to protect the business from all angles. Build strong security controls around the rest of the business—from network security to endpoint security. At the bare minimum, consider segmenting a separate guest network for personal devices so an unsecured device doesn’t get onto the main network. This way if you needed to avoid using an MDM solution for a particular client, you could still contain some threats and keep them off your customers’ primary network.
Of course, MDM solutions still offer quite a few benefits to your customers. Mobile devices can bring a host of security issues to the forefront. And MDM solutions do provide some important security features like the ability to remotely lock devices or wipe the data from the device in the event it’s stolen. Additionally, when you use an MDM feature like the one built into SolarWinds® RMM, you can also set passwords, monitor data usage, and even remotely configure email or WiFi settings. And you can do it from the same web-based dashboard you use to monitor servers, workstations, virtual machines, and more. Learn more by visiting the site here.