4 Rules of Thumb for Better Mobile Device Security

Security threats are everywhere, lurking in alley ways and around corners and even in your favorite coffee shop. Yet mobility is in demand, and people will use their smartphones and other mobile devices because it’s convenient, even if company policy suggests against it.

This is a big deal for IT and security professionals and CIOs, which is why it took a while for IT to recognize the need to address mobile device security rather than simply deny mobile device use. With data breaches, ransomware attacks, hacks and information leaks happening on an almost daily basis, businesses must find ways to protect their valuable applications and data from loss or misuse while at the same time enabling mobile device use.

The following 4 rules of thumb are not comprehensive but are four essential rules of thumb to help guide business owners in addressing mobility management and security within their organizations.

Rule 1: Make sure there are clear mobile device use policies and support them with ongoing administration and strict enforcement.

I can’t say enough about having good security and mobile device policies and keeping them modernized, relevant, and actually enforcing them. Too many businesses say they have a “security and use” policy in place, yet it is outdated and doesn’t reflect the actual tools or processes currently in use.  Even more frequently a business will develop a policy just to say it has one, but won’t actually train workers or enforce compliance.

Rule 2: Require and enforce strong passwords, manage access in real time, and force password changes with some frequency.

It is essential that all user access to applications or data be controlled at minimum by password-protected logins to the device and corporate resources coupled with periodic forced password changes. Users often prefer to not require passwords or other authentication for device access, but corporate policy should not only require them but also enforce their use.  Also, user access should be managed in real time, meaning that any aspect relating to access should be disabled or revoked immediately upon employee termination or reassignment. Too often these forgotten chores are relegated to after-the-fact IT administration, which allows users to access resources beyond their rightful boundaries.

Rule 3:  Do something to contain the applications and data on the device.

Whether the approach is with containers, cloud hosting, server-based computing or something else, it is really important to try to “contain” the applications and data accessed from the mobile device. Risk is created when users sync data directly to the device’s storage or install applications directly on the device to access corporate data. Password and other security measures prevent unauthorized access, but allowing applications, credentials or data to be stored directly on the mobile device allows those things to interact with other things on the device.  Containers, hosting and server-based computing models keep the applications and data within secured spaces, often not even storing essential items on the device but only accessing them via the device. This allows the business to provide users with the access and functionality they need to do their jobs, but also reduces the vulnerability of applications and information assets.

Rule 4: Keep device software up to date and download fewer apps.

Updating mobile device operating system versions and release levels is important to make sure the device has the most current security patches and threat protection.   Some mobile OSes even have capabilities which can help keep personal and work apps separated.  Limiting the number of apps users can download to their devices should also be considered. Users may randomly download and install applications to their devices with little regard for the quality or security of the app, and often accept terms of use without really reading them. Consumer apps from app stores may pose risks to data and the device, so IT should check regularly for problematic apps if the device is used to access the corporate network, applications or data.

Mobile and wireless are in demand

Just about every business has people who use their phones and tablets for some business use, and every one of those mobile devices and the apps running on them could open the door for a hacker, ransomware, data theft or compromise. While there are many benefits to be gained by enabling remote and mobile devices in the business workflow, unrestricted access only creates risk.

Keeping mobile devices secure for business use takes multiple approaches, as there is no single method or solution that works for every situation. Our 4 rules provide a basic foundation for business mobility management, offering a starting point for developing a more thorough and detailed plan.

Make sense?



Model Your Dreams, Not Your Workflows

Jurassic Park: “Are those heavy? Then they’re expensive, put them back..”

Process modeling, process improvement, workflow design and quality management all sound like big, complicated things that larger companies do. Analyzing and re-engineering processes and developing highly structured workflows is often work performed within an enterprise; heavy and complicated and expensive work that’s required to keep large or distributed organizations operating as a single unit. But structure isn’t just for big business operations; it’s a big deal for small business, too.

The truth is that modeling business processes and workflows isn’t necessarily difficult or expensive, and the benefits to be gained apply as directly to small businesses as they do to large enterprises – perhaps even more because smaller businesses can change their trajectory early on, before things are too fully entrenched.  Ongoing, the development of workflows to guide process activities and the regular evaluation and testing of the outcomes may reveal wondrous opportunities to increase performance and profits. It’s all about drawing that picture of what you want the business to be, and then finding the best way to make it be like that.

While business owners and managers may be familiar with projecting financial performance under different scenarios, how often do they look at the actual processes supporting business operations and “project” performance based on changes to processes, worker activities or operational workflows?  It just isn’t something you hear much about in the small business world.  When I reached out to Ben Boomer of ParkPro to have a discussion about this type of stuff, I had no idea that the conversation would turn into a real example of how one single software solution could be the foundation for incredibly beneficial change in the organization, the business performance, and the satisfaction of workers and customers alike. The software is from the Dutch company Exact, and the product is Synergy Enterprise.

ParkPro has been operating for just about 40 years, providing an array of services and solutions ranging from auto gates and access controls to parking revenue management and camera solutions, and even anti-terrorism solutions.  Their deliverables are mostly project-based and there is a very large installation and maintenance services aspect to the business. What all this means is that there are a lot of moving parts, lots of scheduling, projects and recurring activities, and lots of possible product and service combinations. There’s also a lot of inertia behind the processes and methods that have been standard business practice for a long time.

“Making any change to how the business operates is akin to changing tires on a moving vehicle” says Boomer. “You still have to get the work done and move forward”.  With Synergy Enterprise, ParkPro’s system is agile enough to allow them to use the software and at the same time configure and tweak it to meet the needs of the business and not the other way around. He suggests that this is the problem with systems that lack of the flexibility of Synergy Enterprise; businesses must adjust to the way the software works rather than making the software really work for the business. Ben discussed an example and the good advice he received from Jeff Sachs when the company wanted to implement barcodes and thought they could use whatever came in a “canned” solution. Jeff’s suggestion was that “if the process doesn’t work, then this will simply make it not work… faster”.

Greater efficiency and performance are always important, but what it also comes down to is configuring accountability into the system.  The very act of formalizing the processes and the workflow forces ParkPro to think about and define the processes as they really are.  The system that helps them set up work requests and structure activities also helps establish accountability along the way. This has allowed the company to benefit in ways they couldn’t even imagine.

Synergy allows them to make copies of their system where they can pose questions and model the answers and outcomes.  “Do we really need to do this step, or is it just because it’s written down?” he asks. “We can pose questions and then find efficiencies in answering those questions”.  Just as with financial modeling and forecasting, workflow modeling informs on the potential result of the adjustment, allowing businesses to make better decisions and avoid missteps.

The ability to adapt Synergy Enterprise to the requirements of the business has been central to the company’s success in creating new efficiencies and improving overall performance, and the effects are felt throughout the company.  Boomer says that the changes they’ve made in their processes and the workflows which connect them has even resulted in restructuring the organization and management hierarchy to be more reflective of how things are in Synergy because its more efficient.

Reliant upon the “open” nature of Synergy Enterprise and its ability to flex with the needs of the company, Ben knows the solution will continue to support beneficial change in the operation.  In Ben’s own words, “Synergy allows us to project our future dreams and know the software can keep up”.

Make Sense?



  • Series Introduction:  Fringe to Foundation: Aligning Business Goals and Lifting Business Performance through Digital Workflows
  • Article 1: Every Business Deserves a Chance to be Better
  • Article 2: Improve Processes and Profit More
  • Article 3: Workflow Has 3 E’s