Published: August 22, 2025

Our new bulletin Cyber Threat Watch has been created to help small businesses stay up to date on the latest threats, news, and events affecting their business. The content has been curated to make cybersecurity easy and accessible for both technical and nontechnical readers.

Featured Cyber News — Mobile Device Management (MDM)

Smartphones and tablets have become everyday tools in the workplace. Whether you are replying to vendor emails, accessing shared documents in the cloud, using GPS or payment apps on the go, or communicating through team messaging platforms, mobile devices now support much of today’s routine business operations. However, this convenience comes with risk and can open the door to data theft or unauthorized access to your company’s systems.

To address this growing concern, the National Institute of Standards and Technology (NIST) recently updated its mobile security guidance in SP 1800-35, placing mobile device management (MDM) at the center of data protection and secure communication. For any business that relies on mobile devices to get work done, the MDM is no longer a nice-to-have. It is essential.

What Is the MDM and How Does It Help?

The MDM is a combination of software and business practices that helps secure the mobile devices used for work—whether company-issued or employee-owned. Through a central dashboard, the company (or its third-party IT provider) can manage work devices by doing the following:

  • Require secure passcodes or fingerprint logins
  • Keep devices updated automatically
  • Control which apps are allowed for work
  • Separate work-related data from personal content
  • Locate, lock, or wipe a lost or stolen device

This setup ensures that, even if employees are working from home, visiting clients, or using their own phones, the company still maintains control over what connects to its systems and data. Accordingly, NIST SP 1800-35 highlights the MDM as a key part of Zero Trust security—meaning that no device is trusted by default, so each one must meet specific requirements before accessing the company’s systems and data.
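
The "no device is trusted by default" rule can be pictured as a checklist that runs before access is granted. The short Python sketch below is an added illustration, not code from the NCSS, NIST, or any MDM product; the field names, app identifiers, and the 30-day update threshold are hypothetical, and the three sample devices are constructed.

```python
# Added illustration: a Zero Trust style device posture gate built from the five controls above.
# Field names, app IDs and thresholds are hypothetical, not from NIST SP 1800-35 or any MDM API.
from dataclasses import dataclass, field
from datetime import date

APPROVED_APPS = {"com.example.mail", "com.example.docs", "com.example.chat"}
MAX_PATCH_AGE_DAYS = 30  # assumed policy: last security update no older than 30 days

@dataclass
class Device:
    owner: str
    passcode_set: bool
    last_patch: date
    work_apps: set = field(default_factory=set)
    work_profile_isolated: bool = False
    reported_lost: bool = False

def evaluate(device: Device, today: date) -> list:
    """Return the failed requirements; an empty list means the device is compliant."""
    failures = []
    if device.reported_lost:
        failures.append("device reported lost or stolen: lock or wipe")
    if not device.passcode_set:
        failures.append("no passcode or biometric lock")
    if (today - device.last_patch).days > MAX_PATCH_AGE_DAYS:
        failures.append("security updates out of date")
    unapproved = sorted(device.work_apps - APPROVED_APPS)
    if unapproved:
        failures.append("unapproved work apps: " + ", ".join(unapproved))
    if not device.work_profile_isolated:
        failures.append("work data not separated from personal content")
    return failures

def access_decision(device: Device, today: date) -> str:
    # Default deny: access is granted only when every check passes.
    return "deny" if evaluate(device, today) else "allow"

# Constructed sample inventory (not real devices).
TODAY = date(2025, 8, 22)
FLEET = [
    Device("alice", True, date(2025, 8, 10), {"com.example.mail"}, True),
    Device("bob", True, date(2025, 5, 1), {"com.example.mail", "com.sideload.game"}, True),
    Device("carol", True, date(2025, 8, 15), {"com.example.docs"}, True, reported_lost=True),
]

if __name__ == "__main__":
    for d in FLEET:
        print(d.owner, access_decision(d, TODAY), evaluate(d, TODAY))
```

Each failure message names the control that was not met, so the same list that blocks access also tells the employee or IT provider what to fix.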

Potential Threats Without the MDM

When mobile devices are used for work, even simple actions can carry hidden risks. Here are six common problems that may put businesses at risk.

  1. Smishing (Text Scams): Scam texts may appear to come from government agencies, banks, or delivery services, prompting employees to click a link or share a code. These messages can lead to having passwords stolen, malware unknowingly installed, or unauthorized access to business accounts.
  2. Malicious or Fake Apps: Some apps, especially those from outside official app stores, may look useful but quietly access location data, files, or company emails.
  3. Lost or Stolen Devices: If a work device is left behind or taken, it may still be logged in to email or business apps, giving unauthorized individuals access to sensitive data.
  4. Outdated Apps: Devices without regular security updates are more likely to be targeted by attackers who exploit known flaws to break in.
  5. Unrestricted Browsing or Messaging: Using public Wi-Fi or visiting untrusted websites can expose devices to malware or phishing traps.
  6. Email-based Attacks: Malicious emails (e.g., spoofing or phishing) can compromise sensitive data or lead to malware infections on mobile devices if they are not properly filtered and authenticated.

How the MDM Can Mitigate Potential Risks

By taking the following practical, proactive steps, businesses can reduce risks associated with the use of mobile devices.

  1. Filter Suspicious Links in Texts: Block harmful links delivered by SMS and reduce the chance of employees clicking on scam messages.
  2. Control Which Apps Can Be Used: Allow only approved work apps and block access to high-risk or unauthorized ones.
  3. Erase Lost Device Data Remotely: Lock or wipe data from lost or stolen devices to prevent exposure of business information.
  4. Keep Devices and Apps Updated Automatically: Push updates to close known security gaps that attackers could exploit in outdated systems.
  5. Limit Risky Activity on Work Devices: Apply browsing rules that help prevent employees from visiting harmful websites or installing unsafe software, even by accident.
  6. Enforce Email Authentication: Enforce email security protocols (e.g., SPF, DKIM, DMARC) to block malicious email content from reaching devices.

Conclusion

Mobile devices are now core to how many businesses operate. However, if they are not secured, they can become a weak point that attackers will target. The MDM offers a simple, scalable way to keep work devices safe—without slowing people down. Putting device controls in place today can prevent serious problems in the future.

The NCSS encourages businesses to adopt comprehensive security practices and stay informed about evolving technology news. We recommend you consider becoming an NCSS member to access a wide range of our services. For more information, visit our Small Business page.

About the NCSS

The National Cybersecurity Society (NCSS) is committed to improving the online safety and security of the small business community through education, awareness, and advocacy. As a 501(c)(3) organization, the NCSS uses funds from charitable donations and grants to develop educational materials, webinars, weekly cyber tips, videos, and how-to guides. The organization’s goal is to enable and empower small and medium businesses to obtain cybersecurity services, assist them in understanding their cyber risk, and advise on the type of protection needed. We want to continue to grow our community and encourage you to tell other small businesses we are here to help.

The NCSS is committed to respecting the use of images in our communication efforts. Accordingly, unless otherwise specifically noted, the graphics in our bulletin are sourced under license from Adobe Stock. The header and footer images were designed and purchased through a contract with Eyedea Advertising & Design Studio.