Enterprise Policies for Mobile Device Physical Protection
The policies for physical mobile device protection and security are mostly common sense – and yes, how uncommon is that? Yet these concepts bear repeating because your users take a lot of this for granted, and laying out the do’s and don’ts drives home the point.
Here are the key tenets of physical device security that you would convey to mobile device users at your company:
Ensure that your device is within your control at all times.
Ensure that removable media usage is avoided altogether and, if that isn’t possible, ensure that the data on the media is encrypted.
Refrain from lending your device to third parties.
Use a sticker (it’s low tech, but it works) that contains your name and contact information and stick it on your device so that in the event the device is lost, there is an opportunity for a Good Samaritan to contact you.
Create these stickers beforehand and hand them out to your users during the training process.
In the event of theft of your device, immediately contact the appropriate party. If it is a corporate-issued device, IT can initiate remote recovery and remedial operations.
If it is your personal device and you have remote recovery services from your provider or device manufacturer, follow that procedure right away. In the event that you don’t have any such recovery mechanisms, contact your service provider so that at the very least they can immobilize use of the device itself.
Remote recovery and remedial operations are essential functions provided by most device manufacturers and mobile operating system vendors, as well as by third parties. Under the category of mobile device management, remote recovery entails locating the device, initiating remote wipe operations, and locking down the device. Remedial operations entail locating a substitute device, restoring the original device onto the replacement, and issuing the replacement to the user.