Small and Medium Sized enterprises (SMSs) that provide services related to information and communications technologies (ICT) have developed a human resources scheme with its labor force being mainly made up of freelancers. These companies’ lower costs even in infrastructure by allowing this kind of employees to use their own computer equipment (e.g., computers, servers, multiple devices) following the Bring Your Own Device (BYOD) mode. However, this results in more vulnerable devices to cyberattacks. This article intends to put forward a cybersecurity management model applicable to this type of companies, oriented to mobile devices which allow for securing confidentiality, integrity and availability of the information managed by them. This model is composed of three main components: processes, management indicators or metrics and the implementation guide of the model itself. ISO 27032 standards and NIST standards have been mainly used. Meanwhile, to test the model’s validity, the expert judgment will be used as a validation tool.