The best option to protect the company against data loss while still addressing the employees' concerns about personal data would be:
B. Configure the MDM software to enforce the use of PINs to access the phone.
This option provides a balance between security and privacy. By enforcing the use of PINs, the company can ensure that only authorized individuals can access the device and the company data on it. At the same time, it does not interfere with the personal data on the device, addressing the employees' concerns.
Option A, enabling the remote-wiping option, could erase personal data, which is a concern for employees. Option C, configuring MDM for Full Disk Encryption (FDE) without enabling the lock screen, could allow unauthorized individuals to access the device, because with no lock screen anyone holding the phone can simply open it. Option D, performing a factory reset on the phone before installing the company's applications, would erase all personal data on the device, which is not acceptable to employees.
In addition to enforcing the use of PINs, the company could also consider a containerization solution, which separates company data from personal data on the device. This would provide an additional layer of security for company data while preserving the privacy of personal data.