Lack of Mobile Device Management
Severity Level: Priority 1
Category: Security / Mobile
Description:
The absence of Mobile Device Management (MDM) leaves company data on mobile devices unprotected, with no remote wipe or security checks.
Impact:
- Data breaches from lost or stolen devices.
- Non-compliance with mobile security regulations.
- Increased risk from unsecured endpoints.
FFIEC Reference:
- FFIEC IT Examination Handbook (November 2016):
- "MDM ensures data security on mobile devices." (p. 38)
- "Remote wipe capabilities are critical for compliance." (p. 39)
Recommendations:
- Deploy Intune: Implement RESULTS-provided Intune for MDM.
- Enable Remote Wipe: Configure data sanitization policies.
- Enforce Security Checks: Set up device compliance policies.
- Enforce device encryption
- Require device password
- Enforce device auto lock timeout