Best practices for tracking mobile devices
Safeguard against loss, liability with strict written policies
How do you keep track of something that by its very name is mobile? That’s the question facing IT administrators as mobile phones and tablets enter the infrastructure. A second question: How do you limit your liability should a device go missing?
From a device management standpoint, before a mobile device is handed to an employee, it should be tagged with a unique identifier that is externally visible. In addition, devices should be inventoried and logged in and out manually every time they are assigned. Loaner devices or tablets that are used on premises are especially vulnerable since, unlike laptops, they can’t be fitted with cable locks to make sure they stay put. Another best practice: Every device — whether tablet, mobile phone or smartphone — should be issued with a case.
“Assume any device you give out is going to be dropped several times, left in a restaurant, and given to a child to amuse him or her,” said Sascha Segan, lead analyst for mobile devices at PCMag.com. “People are butterfingers. People get drunk and leave their prototype iPhones in beer gardens, and everyone uses Angry Birds to entertain their toddlers.”
When it comes to safeguarding a device against loss, IT departments may want to take a page from the State of Iowa’s playbook. The organization maintains strict written policies that help minimize risk should a device be lost. Devices – all of which must be password-protected -- must have the ability to be remotely erased and disabled after 10 unsuccessful password attempts, and when they are reported lost or stolen. They are also instantly locked after a maximum of 15 minutes of inactivity, and, among other policies, are erased entirely when an employee leaves government employment or no longer needs a mobile device for state business – even if that device is owned by the end user. The State of Illinois has similar policies in place, but it also requires all devices to be virus scanned before connecting to any state IT systems.
These are policies that should be emulated, said Richard Schum, senior industry analyst at INPUT, and augmented by centralized administration, which can help agencies cut down on loss, he said. “One of the major aspects of security that is sometimes overlooked is what happens if you have a phone out there that’s been lost? This is one of the reasons that we think central management and administration of mobile devices is so important for agencies and subagencies,” he said. “When you have oversight, you can quickly mitigate risks.” As an added benefit, centralized management can also help keep carrier charges in check, he said. “When you’re dealing with third-party carriers, you don’t want to have a million different plans. You want one or two that give you what you need at the right price.”
With 72 percent of all organizations reporting that they have adopted mobile communications, and only 3 percent saying that mobile isn’t in their plans, according to a recent INPUT study, not to mention the fact that an average of 13 percent of respondents’ budgets is being used for wireless communications, such policies are critical.
“When done right, enabling mobile devices becomes very powerful for users and administrators,” explains PCMag.com’s Segan.