It seems Bring Your Own Device (BYOD) is here to stay whether we like it or not. Here is the scenario: the CEO approaches you on a Monday morning asking you to configure e-mail on his new iPhone. You complete the request and hope that nobody else catches on. Friday rolls around and the CEO pokes his head into your office and says, “Hey John, let's give all employees access to e-mail on their own iPhones by the end of the month.” Yikes! What do you do now? What mobile device management software is available, and which is best? In this blog I will try to shed some light on security around Apple iOS devices.
Here are some basic policies you should deploy via Exchange ActiveSync:
- Enforce password lock
- Disable simple passcode
- Enable remote wipe
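
One way to express these settings in the Exchange Management Shell, as an added example that is not from the original post. It assumes Exchange 2013 or later (or Exchange Online), where the cmdlet is `New-MobileDeviceMailboxPolicy`; the policy name, mailbox addresses and failed-attempt count are hypothetical, and the 5-minute lock comes from the audit list that follows.

```powershell
# Added example: baseline ActiveSync policy for BYOD iPhones.
# Assumes Exchange 2013+ or Exchange Online. The policy name is hypothetical.
$policyName = 'BYOD-iOS-Baseline'

$settings = @{
    Name                         = $policyName
    PasswordEnabled              = $true       # Enforce password lock
    AllowSimplePassword          = $false      # Disable simple passcodes such as 1234 or 1111
    MaxInactivityTimeLock        = '00:05:00'  # Auto-lock after no more than 5 minutes
    MaxPasswordFailedAttempts    = 8           # Assumed value: device is wiped after this many bad passcodes
    AllowNonProvisionableDevices = $false      # Refuse devices that cannot enforce the policy
}
New-MobileDeviceMailboxPolicy @settings

# Assign the policy to a mailbox (constructed address).
Set-CASMailbox -Identity 'ceo@example.com' -ActiveSyncMailboxPolicy $policyName

# Confirm what the server will push to the device.
Get-MobileDeviceMailboxPolicy -Identity $policyName |
    Format-List Name, PasswordEnabled, AllowSimplePassword,
                MaxInactivityTimeLock, MaxPasswordFailedAttempts,
                AllowNonProvisionableDevices

# Remote wipe is issued per device, not set in the policy.
# List the device partnerships for the mailbox first:
Get-MobileDevice -Mailbox 'ceo@example.com' |
    Format-Table FriendlyName, DeviceModel, DeviceOS, Identity

# Then, when a device is reported lost or stolen (left commented out on purpose):
# Clear-MobileDevice -Identity '<Identity from the list above>' -NotificationEmailAddresses 'it@example.com'
```

On Exchange 2010 the equivalent cmdlets are the `*-ActiveSyncMailboxPolicy` family, whose parameter names differ (for example `DevicePasswordEnabled`).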
Audit the following before any device is connected to your Exchange Server:
- Update the firmware to the latest version
- Enable auto-lock timeout (no more than 5 minutes)
- Enable Erase data upon excessive passcode failures
- Forget Wi-Fi networks to prevent automatic rejoin
- Turn off Auto-Join for all Wi-Fi networks
- Disable View in LockScreen for apps when device is locked
- Disable JavaScript (Safari Setting)
- Enable Fraud Warning (Safari Setting)
- Disable AutoFill (Safari Setting)
- Turn On Private Browsing (Safari Setting)
Educate your users to perform the following:
- Disable Bluetooth and Wi-Fi when not in use
- Disable Personal Hotspot when not needed
- Erase all data before repair or sale of device
- Inform IT immediately when their device is lost or stolen
Just remember: this is not an end-all solution. However, enabling these basic policies and features, along with employee training, will allow for better handling of iOS devices.