A systematic approach to developing and updating mobile device management (MDM) and Bring Your Own Device (BYOD) policies is critical to assure data protection in a mobile access environment. After you develop and implement mobile security policies, it is important to evaluate and update policies on a regular basis.

Here are three questions you could ask in evaluating mobile device management policies:

1)      How has the environment changed?Consider changes in the mix of devices in use, access and usage patterns and external threats and newly discovered vulnerabilities and risks. What safeguards should you put in place address new vulnerabilities and risks? 

2)      What new technologies have been introduced, including security features in devices, new iOS and Android versions and new security technologies? Which of these technologies should you adopt and include in your policy?

3)      How has your risk profile changed?  For example, are more employees now using enterprise mobile apps to access corporate data, not just using corporate email? What safeguards can help reduce risks of data loss and data leaks?

In addition to evaluating security policies, it is important to conduct mobile device privacy and security awareness and ongoing training for employees, consultants and partners. It is prudent to review policies twice a year and on an ad hoc basis in case new vulnerabilities are discovered.