In the last 12 months, the ICO issued public sector fines of over £2 million, with private firms such as Welcome Finance also incurring hefty fines relating to data breaches. Recent research shows the average cost per incident is around £1.25m. However, with business reputation on the line, the potential loss is not only financial. Customer trust is hard to buy but, in data-breach cases, easy to lose.

UK businesses’ growing dependence on mobile devices has compounded this issue. Reliant on workers’ ability to access data and services on the move, businesses are finding it harder to formulate and enforce mobility policies. Add to the mix the popularity of BYOD, and mobile security becomes both harder to deal with and more prone to failure.

A recent study uncovered a severe gap in mobile deployment and policy. While 38% of UK companies offer a hybrid model (company-owned devices alongside BYOD), 7% rely entirely on BYOD to ‘mobilise’ their workforces. This laissez-faire approach to deployment is replicated in the lack of focus on security, with almost a third of businesses having no formal or enforceable mobile device policy.

Despite this challenging IT landscape, examples of best practice have also emerged. Transparent policies are not only vital in law, but also garner the trust of customers who rely on secure data policies.

Currently, almost two-thirds of UK companies already use remote-lock-and-wipe policies for lost and stolen devices. This is recognised as the first, basic step any business can take to ensure control over company-owned, and even personally owned, devices.

However, this is only one part of a full 360-degree mobile policy. Before a business moves to a BYOD culture, there are 3 areas it should consider.

Step 1 – define your IT requirements

Decide the types of device and operating system you are willing and able to support. Whilst evaluating this, bear in mind the combination of security, manageability and apps. Do you wish to deploy in-house apps? Does the hardware offer API support and support for syncing policies?

Step 2 – define your legal requirements

There can be a fine line between securing corporate data and respecting personal privacy. It is therefore prudent to draft a mobile device policy defining all responsibilities and rights. Insight should be gleaned from legal, IT, HR and employees themselves.

Step 3 – implement MDM software

Once internal requirements are defined, an appropriate software application can be implemented. Consideration should be given to platform flexibility, ease of administration, app management and security. Does the solution leverage existing infrastructure? Can user groups be defined? Does the solution support the rollout of apps? Is there an umbrella security baseline, or can security be tailored to user groups?

With businesses contending with the burgeoning trend of BYOD and data security, it is simply unfeasible for them to continue without an endpoint mobile policy. With a plethora of mobile device management solutions in the marketplace, the cost of implementation will always be recouped in the added trust customers will gain from seeing full and thorough policies to protect their valuable data.