Mobile Device Security Considerations

 

Mitigating mobile security risk is critical to protecting yourself and your business: secure your mobile phone, and protect your data

Just about everyone carries a mobile device. Most have not been secured and are a huge threat to a company and its data

A mobile device connects to many networks (sometimes without the owner knowing), from home to office to “free wi-fi”, all of which are ideal avenues of attack; the device will often have logon details for various networks stored on it

A lost unencrypted device can be “broken” in minutes. If the device had access to business or private networks, you may just have breached your own security, and depending on what information was held, you may become responsible for a major security breach at the company

A lost encrypted device is a small problem: you have to replace the hardware and data, but because the device was encrypted, the data is useless to the thief

Know what data is being collected by applications. Some apps may be able to access your phone and email contacts, call logs, internet data, calendar data, data about the device’s location, the device’s unique IDs, and information about how you use the app itself

Avoid unsecured WiFi. This helps protect against attackers that want to steal your data over networks – always ensure that you have a VPN running

All devices should be required to have up-to-date anti-virus software running

All devices used for business must have a “wipe” function

All devices used for business should erase their data automatically after a set number of failed password attempts

Log out of your applications. If your application requires a login, ensure that you log out when you are finished

Only download apps from the official App Store and Google Play. Third-party stores are fraught with malware. Stick to the official stores to protect yourself from malicious apps

Know how your data is being used by applications; low data security is (unfortunately) a common problem today. When your device and apps send data without protecting it with encryption, the data can be easily intercepted

Add a passcode, PIN, or pattern lock. This helps protect your data from an attacker who gets hold of your phone, even if the app developer didn’t properly secure the data

Employees should be sure to protect all their devices with strong passwords

Use different passwords for sites and apps. If you use the same passwords for banking, social media, email, etc., then a hacker only needs to figure out one password to gain access to your identity

Use two-factor user authentication when available to add another level of protection. Many applications offer two-factor authentication, which combines something you have (token, phone) with something you know (passcode). It greatly increases the difficulty of an attacker compromising your password and gaining access to your account

Update your operating system and apps when new versions are available. Operating system updates typically include patches to known security vulnerabilities. Attackers can exploit these vulnerabilities if you do not upgrade your OS.