Published: 9 March 2026 • Compare The Networks
One lost phone can expose your entire business. Customer data, email accounts, financial records, login credentials — all compromised in seconds. This 15-point checklist covers everything your business needs to lock down mobile security.
Device Security (Points 1–5)
1. Enable Full-Disk Encryption
Modern iPhones encrypt by default when you set a passcode. Android phones running Android 10+ also encrypt by default. Verify this is active on every business device: Settings > Security > Encryption.
2. Enforce Strong Screen Locks
Minimum standards: 6-digit PIN or biometric (fingerprint/face). Disable pattern locks — they’re too easy to shoulder-surf. Set auto-lock to 2 minutes maximum.
3. Enable Remote Wipe
Every business phone should be wiped remotely if lost or stolen. Use MDM software, or at minimum enable Find My iPhone / Find My Device on Android.
4. Keep Software Updated
Enable automatic OS and app updates. Security patches fix known vulnerabilities — every day without a patch is a day your data is exposed. Choose phones with long update guarantees (7 years for Google Pixel and Samsung Galaxy S25).
5. Use a Business Phone, Not Personal
Separate business and personal devices. If that’s not practical, use MDM containerisation to create a secure work profile on personal devices (BYOD guide).
Network & Communication Security (Points 6–10)
6. Avoid Public Wi-Fi for Business
Hotel, café, and airport Wi-Fi is trivially easy to intercept. Use mobile data or a VPN for any business activity on public networks.
7. Enable VPN for Remote Access
If staff access company systems (email, CRM, file servers) from their phone, route traffic through a business VPN. Most MDM platforms include VPN configuration.
8. Use Encrypted Messaging
Standard SMS is not encrypted. Use Microsoft Teams, Signal, or WhatsApp for business conversations that contain sensitive information.
9. Set Up SIM PIN Lock
A SIM PIN prevents anyone using your SIM card if they remove it from the phone. This stops call fraud on stolen devices. Or better yet — use eSIM, which cannot be removed.
10. Enable Wi-Fi Calling
Wi-Fi Calling ensures connectivity in buildings with poor signal — reducing the temptation to connect to insecure public Wi-Fi. See our Wi-Fi Calling setup guide.
Data & App Security (Points 11–15)
11. Use a Password Manager
No more passwords in notes apps or shared spreadsheets. 1Password Business, Bitwarden, or Dashlane for Teams secures credentials across all devices.
12. Enable Two-Factor Authentication
2FA on email, cloud storage, CRM, and financial accounts. Use authenticator apps (Microsoft Authenticator, Google Authenticator) rather than SMS codes where possible.
13. Review App Permissions
Audit what apps can access: camera, microphone, contacts, location. Remove permissions that aren’t needed. Block installation of apps from unknown sources.
14. Back Up Business Data
Enable automatic cloud backup to a business-controlled account (Google Workspace, Microsoft 365). This ensures data survives a lost or wiped device.
15. Create an Incident Response Plan
Every business should know what to do when a phone is lost or stolen:
- Report immediately to IT/manager
- Remote wipe the device within 1 hour
- Change passwords for any accounts accessed on that device
- Report to ICO within 72 hours if personal data is compromised (GDPR requirement)
- Document the incident and review prevention measures
Secure Business Mobiles from Day One
We help businesses choose mobile plans and devices that support enterprise security. MDM-compatible contracts from all major networks.
Get a Free QuoteAll prices exclude VAT. Fixed competitive rates/month annual price increase applies each April. Compare The Networks is regulated by OFCOM.