It is no secret that we live in a “mobile” world. Our expectations for the availability of connectivity and robust computing power continue to extend to more types of devices, in ever smaller forms that travel with us wherever we go. And we expect all of them to connect seamlessly with all the other devices in our lives.
Digital assistants such as Alexa or Siri found on mobile devices connect to technology platforms of all kinds – from auto entertainment systems, to smart home controls, to security cameras, etc. Our smart watches deliver daily news, track our activity, stream music for us, make calls, and monitor key health indicators. Our smart phones now have more computing power and capability than the most robust computers of a mere generation ago and have the ability to integrate all of the technology systems we utilize. The advances in tablet and laptop technology are so obvious and well-known that we don’t need to elaborate further.
The power, connectivity, convenience, and utility of all of these mobile devices and other IoT (Internet of Things) devices provides great benefits. But it also brings significant security risks. It is critical that we take into account how we use our devices and the security pitfalls we must avoid when using them. Due to the security vulnerabilities that come with mobile device use, it is vital that we understand the increasing importance of mobile device management.
The Importance of Mobile Device Security
What is mobile device security and why is it so important, anyway?
To put it simply, your personal data is important! If it gets into the wrong hands, all manner of bad things can happen. You can have your important data “ransomed” or lose it altogether. You can lose lots of money. Your credit rating can be destroyed. You can suffer grievous damage to your personal reputation. These are not “Chicken Little, the sky is falling” exaggerations. According to Statista there were over 4,000 security breaches in the United States from 2016 – 2018. The amount of records exposed in that time frame exceeded 680 million. Taking pains to secure all of your computing devices and mobile technology will help prevent security breaches and mitigate loss.
In thinking about the security of mobile devices that your church staff uses, it is important that you establish policies to manage these devices and classify how they are used. Determining whether your staff will use their own personal devices for work or if they will use church-provided devices is the first step in defining that policy. It is important to understand how your staff will be using mobile devices in their ministry activities so that you can choose the correct devices and tailor those devices to function properly for the task. Knowing how the devices will be maintained and managed is also a key factor in securing them. In addition, it is imperative to define and enforce an acceptable use policy to communicate what is expected both of the users and the devices. That policy should also include specific security requirements for the users.
The Ups and Downs of BYOD
“BYOD” (Bring Your Own Device) is a common term used to identify devices that individuals own personally but use for work. If your church is considering allowing BYOD in your environment, it is crucial to consider several factors. There are both negative and positive sides to a BYOD environment.
One positive aspect of maintaining a BYOD or partial BYOD environment is that this setup allows the church to realize potential savings on hardware expenditures. Allowing people to use a device they already own instead of purchasing staff machines means the church can spend that money elsewhere. This also allows each user the flexibility of using a device they are most familiar and comfortable with.
A negative result of allowing staff to use their personal devices for work is that the church will not be able to implement effective centralized management of those BYOD machines. Because there is not centralized management, the church will have to rely on individuals to implement effective security protocols on their own machines. Most church staff do not even know what specific vulnerabilities exist, not to mention how to protect against such risks. This opens the door to security breaches and malware infections. It is very difficult to manage what people do on their own phones when the lines are blurred between personal use and work use.
Another downside to BYOD is that the complexity of supporting such a technology environment increases exponentially when there is a lot of inconsistency in the types of devices being utilized. It can get very complicated when some people have androids and others have iPhones, or when users utilize various types of tablets with different operating systems, or when some users have the newest models of machines while others hold on tightly to the same machine they have used for 10 years. The presence of multiple device types usually dictates the need for additional resources for bandwidth and support. Deciding how you will handle BYOD is a critical consideration when implementing effective mobile device security.
Mobile Device Management Benefits
For any type of device environment, be it organization-owned or BYOD, a Mobile Device Management (MDM) solution is highly recommended to provide a detailed and effective level of control, management, and support. MDM is accomplished via a software application used to manage end points, primarily tablets and smart phones, but it can also manage many laptops. MDM allows a church to deploy mobile and computing devices to staff in an efficient manner that utilizes standardized elements, policies and safeguards.
MDM allows a church to achieve enhanced security and compliance by enforcing security policies and enrolling specific connectivity policies for devices, e.g., joining the wireless network without entering a password. MDM also provides for remote management of devices in the event that the user needs support or a device is lost or stolen.
MDM is extremely helpful in larger environments, where in the absence of more standardized controls people may tend to do “what is right in their own eyes.” But regardless of the church size, we recommend MDM highly because it provides effective control, increased security and an ease of administration that all add up to responsible stewardship.
Additional MDM Considerations
There are other security mechanisms to consider when thinking about Mobile Device Security. For instance, Apple utilizes a tool called the Device Enrollment Program (DEP). When purchased, DEP can assign a device to an organization (as opposed to the individual Apple ID). In the event that the device is stolen and gets erased, it will still be enrolled as part of the corporate ownership. This is also useful when importing devices into an MDM as it can easily import all devices that are DEP-enrolled for the organization. While utilizing such security mechanisms and automation is very helpful, it does not replace the need for a security policy.
Defining a security policy will help a church secure its environment and inform users as to what is expected of them when using a mobile device. The acceptable use policy will include a summary of how users should interact with devices, describe what behavior is deemed unacceptable (e.g., malicious or inappropriate websites), and clearly outline actions in the event of a breach in security or the policy itself. Establishing a clear line of communication with staff is essential. Church staff must know what is expected, and they must have a clear picture of things to be careful of when using church-owned devices.
The Bottom Line on MDM
The point of mobile device management is to ensure a safe and secure working environment when using mobile technology while at the same time stewarding resources effectively through efficient, streamlined management. Your church can improve the likelihood of reaching these goals by identifying how it will use devices, knowing whether it will leverage BYOD, and by defining clear and effective usage and security policies. By leveraging MDM tools and policies you can go a long way towards securing your church’s technology environment and reducing the fear of unpleasant security incidents.
Enable exists to Change Lives by Serving Those Who Serve. If we can serve you by helping you formulate secure mobile device policies for your church environment, we would love to help! Contact us at [email protected] to get started!
Written by: Andy Bullington, Strategy Consultant, Enable Ministry Partners