Mobile device security policies should cover a variety of aspects, including device ownership (e.g. whether the devices are provided by the organization or owned by employees), device management (e.g. how the devices are configured, updated, monitored, and controlled), device access (e.g. what types of data and networks the devices can access and how they authenticate and encrypt their connections), device security (e.g. what security measures the devices should have), and device usage (e.g. what behaviors and activities the devices should follow or avoid). For example, organizations may use mobile device management (MDM) or mobile application management (MAM) software to configure and control their devices, while also requiring passwords, biometrics, VPNs, or certificates for authentication and encryption. Additionally, antivirus software, firewalls, backups, remote wipe, and lock screen may be necessary for device security. Finally, users should be aware of public Wi-Fi usage, downloading apps, sharing devices, or reporting incidents as part of their device usage policy.