A mobile workforce has shifted from a “nice to have” to a critical capability. As employees expect flexibility and organizations rely more on cloud resources, expand globally, and look to reduce overhead, mobility brings both significant benefits and new responsibilities.
Whether you’re evaluating a mobile device management (MDM) solution or strengthening or implementing a bring your own device (BYOD) program, this article walks through what MDM is, the benefits and risks of a mobile workforce, and strategies to help manage them.
What is Mobile Device Management (MDM)?
An MDM tool is a platform used by an organization to manage, secure, and configure devices remotely. It is a centralized system for securing company devices, making sure they are compliant and consistently configured, and remotely wiping data if a device is lost, stolen, or repurposed.
The shift toward remote work, cloud applications, and distributed teams has removed the traditional network perimeter, which increases mobile security threats. Sensitive data now travels everywhere employees go. According to Fortune Business Insights, the MDM market size was valued at USD 12.15 billion in 2024 and is expected to grow from USD 15.75 billion to USD 81.72 billion by 2032.
An MDM solution can be configured to your organization’s needs. Expertinsights.com offers a comparison of several MDM solutions. Depending on configuration, an MDM solution may view:
- Device model and OS version
- Installed applications (not personal activity inside them)
- Compliance status (e.g., encryption, updates)
- Network and connection details
An MDM tool can also monitor the status of antivirus (AV)/endpoint detection and response (EDR) software, but it does not replace them. A separate AV/EDR solution is still required for full protection.
It is important to note that an MDM solution cannot view:
- Emails
- Browser history
- Personal photos
- Personal texts
- Passwords
How Does MDM Work?
MDM works through two parts: a server where administrators set policies and an agent on each device that enforces them. This allows administrators to push configurations, deploy apps, enforce security settings, and remotely wipe lost or stolen devices, all while being able to monitor device status and compliance in real time.
During a recent audit, a client told me they had no data loss incidents, but that an employee’s laptop had been lost or possibly stolen. Fortunately, the device was enrolled in their MDM. A quick look showed its last check-in and, reassuringly, no activity since it went missing. They issued a remote lock and wipe, and were able to pull the MDM event log. That record became part of their audit evidence, a clear example of a well-handled incident and the assurance the MDM was able to provide.
However, MDM solutions are only as effective as the policies they enforce. During the testing phase of another audit, we found numerous devices flagged as non-compliant due to running outdated operating system (OS) versions. When questioned, management admitted they had disabled the mandatory OS patching requirement because too many employees complained it was too invasive on their personal time. An MDM policy that isn’t strictly enforced is merely a suggestion, not an auditable control.
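As an added illustration (not taken from any MDM product or from the audits described above), the following Python sketch evaluates a device inventory export against policy rules and reports separately the gaps that go unremediated because a rule's enforcement is switched off. The rule names, record fields, the "quarantine" outcome, and all sample data are hypothetical and constructed for the example.

```python
from datetime import datetime, timedelta

# Constructed policy: hypothetical rule names, not any vendor's schema.
POLICY = {
    "min_os": {"value": {"ios": (17, 5, 0), "android": (14, 0, 0)}, "enforced": False},
    "encryption": {"value": True, "enforced": True},
    "max_checkin_age_days": {"value": 7, "enforced": True},
}

# Constructed inventory export: one record per enrolled device.
DEVICES = [
    {"id": "D-001", "platform": "ios", "os": "17.6.1", "encrypted": True, "last_checkin": "2025-12-16T09:00:00"},
    {"id": "D-002", "platform": "android", "os": "13.0", "encrypted": True, "last_checkin": "2025-12-15T18:30:00"},
    {"id": "D-003", "platform": "ios", "os": "17.5", "encrypted": False, "last_checkin": "2025-11-20T08:00:00"},
]

def parse_version(text):
    """Turn '17.5' into (17, 5, 0) so short and long versions compare correctly."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def device_findings(device, policy, now):
    """Return the names of the rules this device fails, enforced or not."""
    findings = []
    if parse_version(device["os"]) < policy["min_os"]["value"][device["platform"]]:
        findings.append("min_os")
    if policy["encryption"]["value"] and not device["encrypted"]:
        findings.append("encryption")
    age = now - datetime.fromisoformat(device["last_checkin"])
    if age > timedelta(days=policy["max_checkin_age_days"]["value"]):
        findings.append("max_checkin_age_days")
    return findings

def audit(devices, policy, now):
    """Split findings into enforced failures and gaps hidden by disabled enforcement."""
    report = {"quarantine": [], "unenforced_gaps": {}}
    report["unenforced_rules"] = sorted(r for r, cfg in policy.items() if not cfg["enforced"])
    for dev in devices:
        for rule in device_findings(dev, policy, now):
            if not policy[rule]["enforced"]:
                report["unenforced_gaps"].setdefault(rule, []).append(dev["id"])
            elif dev["id"] not in report["quarantine"]:
                report["quarantine"].append(dev["id"])
    return report

if __name__ == "__main__":
    print(audit(DEVICES, POLICY, datetime(2025, 12, 17)))
```

The `unenforced_gaps` entry is the part an auditor would look at first: it lists devices that fail a rule the policy defines but does not enforce.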

What Are the Benefits of a Mobile Workforce?
- Increased productivity and flexibility: Teams can work when they’re most effective, which often boosts output and job satisfaction. Employees can remain productive while traveling, on client sites, or when unexpected disruptions occur.
- Employee hiring and retention: Recruiting and retaining talent is difficult, and mobility helps by expanding the hiring pool beyond local candidates. Flexible work options also boost employee satisfaction and support better work/life balance.
- Less overhead: Remote work lowers facility expenses, allowing organizations to downsize offices, use flexible workspaces, or eliminate unneeded space.
- BYOD optimization: With a mobile workforce offering enhanced flexibility, many organizations take it a step further with a BYOD program. Allowing employees to use their own devices cuts down on hardware costs and makes onboarding smoother because employees already know their own devices. Of course, BYOD also brings new security considerations, which is why policies and MDM matter.

Risks of a Mobile Workforce
Some companies struggle to balance allowing their employees the freedom of mobility against the security of the organization’s assets and data.
NIST 800-124 r2 lays out 13 high-level mobile threats and provides additional details for each one. While not exhaustive, it’s a valuable resource for managing mobile security. Here’s a snapshot of the NIST-defined threat categories:
- Exploitation of underlying vulnerabilities in devices
- Device loss and theft
- Exploitation of supply chain vulnerabilities
- Accessing enterprise resources via a misconfigured device
- Credential theft via phishing
- Installation of unauthorized certificates
- Use of untrusted mobile devices
- Wireless eavesdropping
- Mobile malware
- Information loss due to insecure lock screen configuration
- User privacy violations
- Data loss via synchronization
- Shadow IT usage

Strategies to Mitigate & Reduce Mobile Security Risks
Based on our experience auditing hundreds of organizations, here are 10 essential mobile workforce security strategies that consistently prove effective.
- Enforce strong authentication: Require complex passcodes or biometrics and enable auto-lock after a short period of inactivity. In the event that a mobile device is lost or stolen, having a passcode/password or biometrics on your mobile device will at least slow down the casual thief.
- Encrypt your devices: Full-disk encryption is quick to implement, and the user will probably never know it is enabled. Enabling encryption helps to make sure that a thief will be unable to access the device or the data without knowing the password.
- Patch and update: Not updating mobile devices leaves them open for malware and attack, so patch and update your devices with automatic updates enabled. If you want to force the issue, sandbox the device until it is updated before allowing it to have access to the enterprise.
- Avoid public Wi-Fi or require a VPN: Open networks are easy targets for snooping and attack. Because mobile employees often rely on public networks, their devices and data are at higher risk. Requiring VPN use helps protect against Wi-Fi sniffing and man-in-the-middle attacks and is a cost-effective safeguard.
- Implement MDM to centrally manage devices: An MDM greatly simplifies managing and securing mobile devices, and many solutions are available. Document your mobile device policy before selecting a tool so you know which controls matter most for your environment.
- Whitelist Apps: Downloading unofficial or sideloaded apps is a leading source of mobile malware. To reduce risk, whitelist approved applications, or at minimum, block known malicious ones. Enterprise apps should be deployed through an MDM to confirm they are trusted.
- BYOD Policy: Creating a mobile workforce policy that defines acceptable use and outlines ways to reduce risks is an essential first step. A BYOD program should only be implemented when supported by a policy that aligns with the organization’s IT security strategy.
- Backup: Back up mobile device data often. Because mobile devices are more likely to be lost, stolen, or damaged, frequent backups help protect data and reduce the impact of ransomware.
- Implement a remote wipe and the “find my device” feature: Remote wipe and device-location features are critical when a device is lost or stolen. Hardware is inexpensive compared to the cost of a data breach.
- Education: Phishing remains a top threat, and employees must be able to recognize it. Offer training and clear policies covering suspicious links, untrusted apps, risky QR codes, and proper device handling.
The Path Forward: Building a Secure Mobile Environment
A mobile workforce allows employees to work from anywhere, increasing productivity and satisfaction while reducing operational costs. Many organizations extend this flexibility through BYOD programs, though these introduce added security and privacy risks. MDM solutions help secure and manage both company-owned and BYOD devices to help keep mobile environments compliant.
Want to learn more about how your mobile environment aligns with audit expectations? Feel free to contact us if you would like additional guidance specific to your environment, or for any of our external auditing services at Linford & Company.
This article was originally published on 10/2/2019 and was updated on 12/17/2025.

Danielle started her information systems compliance career in 2003 at PricewaterhouseCoopers in their Systems and Process Assurance group, followed by the Internal Audit Department of a financial services company and the IT compliance group for a large healthcare organization. She has experience in IT general control reviews, SOC audits, HIPAA compliance, Sarbanes-Oxley section 404 attestation engagements, and Payment Card Industry Data Security Standards (PCI DSS) compliance. Danielle is a Certified Information Systems Auditor (CISA) and received her Bachelor of Science degree in Management Science & Information Systems from Penn State University.




