Twenty checks your current mobile security stack will not run for you.

Mobile fleets under 1,000 devices

You manage a fleet small enough that the major MSSP playbooks were never written for you, but large enough that a spreadsheet and good intentions stopped being enough a long time ago. You need to know which of your assumptions about device posture, carrier exposure, and MDM coverage actually hold up.

Independent practitioners with regulated client data

You are a solo lawyer, accountant, clinician, advisor, or consultant whose phone holds material non-public information, privileged communications, or protected health data. Your regulator does not care that you don’t have an IT department. The outline tells you what you should be able to attest to in writing.

IT generalists at sub-500-person companies

You are the person at your organization who answers when something breaks on a phone, even though mobile security is a fraction of your job. You inherited the MDM. You inherited the carrier account. You inherited the assumption that the vendor stack is sufficient. The outline gives you a way to verify that for yourself.

Fleet reality

What your devices look like from the carrier side, not the console. The view you cannot get from your MDM dashboard, because your MDM does not have it.

Sample check: reconcile the device count on your carrier bill against the enrolled device count in your MDM, and account for every delta.

Architecture gaps

What your existing MDM or EDR stack cannot see. The categories of risk that fall between the products you’ve already paid for, and how to identify them without buying a third one.

Sample check: list the mobile threat categories your current stack does not generate an alert for, and document which ones you have accepted as residual risk.

Attribution and forensics

What you would and would not be able to prove after an incident. The evidence you’d need on hand if a device were lost, compromised, or subpoenaed — and the gaps that would surface only at the worst possible moment.

Sample check: for a device lost yesterday, write down which logs you can pull today, the retention window on each, and the named owner of each system.

Governance evidence

What your board, auditor, or licensing body needs in writing. The artifacts that turn an informal practice into a defensible posture, scaled for organizations without a dedicated GRC function.

Sample check: produce the one-page written mobile device policy you would hand to an auditor on request, and confirm it matches what your MDM actually enforces.

Handoff and continuity

What to document so the work survives staff turnover. The pieces of institutional knowledge that vanish when one person leaves, and the minimum set of records that prevent that.

Sample check: identify every mobile-related credential, console, or carrier account held by exactly one person, and add a documented second owner.