Call now for cybersecurity help: 888-646-1616
Holly Sagstetter

MDM for Small Business: 4 Best Practices

September 22, 2022

Choosing an MDM for small business doesn’t need to be complicated or a hassle. There are many solutions to choose from, including some solutions built right into Microsoft 365 or Google Workspace. 

Based on our work with clients, we recognize there is a lot of confusion about mobile security and mobile device management (MDM). Here’s what is so important to understand right away: your company’s data is portable. More often than not, employees are accessing company data on their mobile device. Sometimes this means writing or responding to emails. Sometimes it means accessing or editing company documents. How do you make sure company data doesn’t fall in the wrong hands?

Mobile device management (MDM) is the answer. Many tech companies like Microsoft, Google, Cisco, SAP, and others) offer MDM products and services that can monitor, manage, and secure employees’ mobile devices.

MDM does NOT mean you have access to your employees’ phones and private data. MDM is not an invasion of privacy. 

What is MDM?

So what does a MDM product actually do? MDM allows you to make ‘rules’ for devices – like needing a passcode to unlock a phone, requiring encryption, restricting the OS version, and more. 

We have a long list of must-have MDM requirements and features for companies in highly regulated industries (like financial services or government contracting).  It would be great to have all of those requirements in place. But in practice, there are two things that are minimum requirements for any MDM solution:

  1. Have a way to enforce that every phone has a passcode, since encryption is useless if there is no passcode, and
  2. Have a way to wipe company data off the device if it's lost or stolen.

This means if a device is lost or stolen, the passcode will help prevent someone from instantly accessing company (and personal) data, and you’ll be able to remove company data quickly.

Without MDM, a lost or stolen device can be a huge waste of time and money, and you may not ever really know what company data was accessed or shared. This is why we believe those two minimum requirements are critical for any business.

MDM for Small Business

MDM for Small Business: Mobile Security Best Practices

Here are some other MDM best practices to consider:

1 - Policies and Procedures - your company needs established policies and procedures for using mobile devices

2 - Manage the use of Mobile Devices with MDM - we don’t have exact recommendations about which MDM product to use, just that your company should use one!

3 - Implement Security Measures - this includes requiring multi-factor authentication (MFA) for company email, having the ability to clear company data from devices that are lost, stolen, or had belonged to a former employee

4 - Training Employees - do not assume that your employees know the approved ways of accessing company email on their device, or who they should contact in the event their device is lost or stolen

Some of these MDM for Small Business best practices may seem obvious, but that is not always the case. We continue to hear from companies that don’t have a MDM solution in place, don’t think it’s necessary, or aren’t using it correctly.


It’s important for any business to have an MDM solution in place. Allowing employees to use their mobile device for work can positively affect productivity, morale, and more. But it also means your company data is more portable and accessible than ever. An MDM solution can help protect your data and your business. Our best advice is to at a minimum do the following: 1) use an MDM solution, 2) require a passcode on all mobile devices, 3) have a way to remotely wipe company data from the device.

If your company is in a highly-regulated industry, you know how important it is to follow industry best practices to protect your client data. This is exactly what we focus on with our Virtual CISO service. We keep your data safe, and help you comply with cybersecurity regulations. 

Leave a Reply

Your email address will not be published. Required fields are marked *

Do you think we might be a
good match?

We help over 100 of the best financial services, healthcare, and manufacturing companies across the U.S. with their cybersecurity.
Copyright 2024 Adelia Associates, LLC | All Rights Reserved