Mobile device policy

Procedures have been established for the theft or loss of mobile devices.

The user may be required to e.g.:

• change network access codes
• report the situation to the IT department (and, if necessary, to the police or mobile access provider)
• change any other credentials that may have been compromised

The organizational process in the event of a device loss may include e.g. clearing the device (at least the contents of the organization) remotely.

There are separate instructions for staff to use mobile devices. The instructions cover:

• restrictions on installing software and using various services on your organization's devices
• procedures for the registration of new devices
• requirements for physical protection of equipment and installation of updates
• access control requirements
• protecting your organization’s data with encryption, malware protection, and backup
• the ability of the organization to remotely control the device

Endpoint security management system can be used to demand the desired security criteria from the devices before they are allowed to connect to the network resources. Devices can be laptops, smartphones, tablets or industry-specific hardware.

Criteria for the use of network resources may include e.g. approved operating system, VPN and antivirus systems, and the timeliness of these updates.

Mobile Device Management (MDM) helps secure and manage staff mobile devices, whether they are iPhones, iPads, Android devices, or Windows devices. E.g. a Microsoft 365 subscription includes the basics of mobile device management.

Mobile device management system can be used to e.g. configure device security policies, wipe remotely and get accurate device usage reporting.

The security policies defined in the mobile device management system aim to protect the organization’s data. For example, to reduce the risk of losing devices, you can specify that the device be locked after 5 minutes of inactivity or that the device be completely wiped after 3 failed login attempts.

It may make sense to test new policies first with a small group of users. Policies also require oversight. You can initially select a setting for policies that informs the administrator of settings that violate the policy, but does not completely block access.

Often, employees want access to data systems as easily as possible - from anywhere, anytime. However, to protect data, you may want to prevent local downloading of data to devices that are not managed, for example, through the organization's mobile device management.