Introduction:
As more companies shift to remote work or allow employees to use personal mobile devices for work-related tasks, it is essential to establish policies and security controls to mitigate the risks that these devices can pose.
A mobile device policy is necessary to ensure that all portable systems, including corporate laptops, PDAs, smartphones, iPads, tablets, USB drives, and other mobile storage devices, are properly maintained and controlled to protect sensitive and proprietary corporate and personal data.
Sample Checklist:
- Review the existing mobile device policy: The first step in reviewing the mobile device policy is to ensure that it covers all relevant portable systems and provides clear guidelines on their use.
- Verify that devices are up-to-date on antivirus definitions and security patches: It is essential to ensure that all portable devices have the latest antivirus definitions and security patches to prevent potential security breaches.
- Confirm that adequate access controls are in place: All portable devices containing sensitive and proprietary corporate and personal data should employ adequate access controls, such as corporate images installed through mobile device management (MDM) solutions, mobile application management (MAM) solutions to control applications, whole-disk encryption, and rules governing such access where it is permitted.
- Ensure that devices are appropriately maintained and controlled: The mobile device policy should include guidelines on how portable systems are maintained and controlled, such as restricting the installation of unauthorized applications and software updates.
- Review remote access policies: Remote access policies should be reviewed to ensure that employees using portable devices to access corporate systems follow proper protocols to prevent unauthorized access.
Conclusion:
In conclusion, as more companies shift to remote work and employees use personal mobile devices for work-related tasks, establishing policies and security controls is essential to mitigate the risks posed by these devices.
A comprehensive mobile device policy should cover all relevant portable systems and provide clear guidelines on their use.
It should also ensure that devices are up-to-date on antivirus definitions and security patches, have adequate access controls, and are appropriately maintained and controlled.
Additionally, remote access policies should be reviewed to prevent unauthorized access.
A well-crafted mobile device policy and security controls can help protect sensitive and proprietary corporate and personal data and prevent potential security breaches.