We are rolling out an ERP that allows warehouse staff to use mobile tablets for inventory and sales reps to access CRM data on the go. What are the best practices for securing these endpoints without making the login process so cumbersome that people bypass it?
3 answers
You absolutely must implement a robust Mobile Device Management (MDM) solution. This allows you to segregate "Business" data from "Personal" data on the device. For the login process, move away from just passwords and use Biometric MFA (Multi-Factor Authentication). It’s actually faster for a warehouse worker to scan a thumbprint than to type a complex password on a tablet. Also, ensure your ERP uses an encrypted VPN or a Zero Trust Network Access (ZTNA) model so that the data is never exposed on the public internet, even if the rep is on hotel Wi-Fi.
Deborah, MDM is great for company-owned devices, but what about BYOD (Bring Your Own Device)? If a sales rep uses their personal phone, we can't lock down the whole device. How do we ensure that ERP data doesn't get cached locally or screenshotted and shared on unsecure apps?
Don't forget the physical security. We had a tablet stolen from a loading dock. Ensure the ERP app has an "idle timeout" that locks the session after 2 minutes of inactivity.
Good point, Sandra. We also implemented a "Remote Wipe" feature that triggers if the device fails the biometric login five times in a row.
Justin, for BYOD, you should look into MAM (Mobile Application Management) rather than MDM. MAM allows you to control only the specific ERP app. You can disable screenshots, prevent "copy-paste" from the app to other apps, and remotely wipe only the business data without touching the user's personal photos. It’s the perfect compromise for security and privacy.