Would you believe that the iPhone is only 10 years old? If you're like me, you might have a hard time remembering life before smartphones and tablets. After all, most of us rely on our mobile devices for everything from completing daily tasks to connecting with friends.
This reliance has also extended to the workplace, where you and your employees may use mobile devices to help organize appointments or check e-mail on the go. But, as with any new technology that accesses your office’s information, mobile devices introduce unique security risks.
So, what steps can you take to ensure that you're appropriately managing the risk of sensitive information becoming compromised? Here, I've compiled eight tips for securing your mobile devices, addressing everything from the threat of ransomware to the benefits of tracking software.
1) Create a Strong Lock-Screen Passcode
The first line of defense in protecting any mobile device is a strong lock-screen passcode. Without one, the risk of your information being compromised increases dramatically.
Passcodes should be stronger than 1234, 5555, or any other easy-to-guess number and should not include significant dates (e.g., birthdays, address numbers). Other passcode best practices include:
- A short auto-lock time so that your device never stays unlocked for too long
- A maximum number of failed attempts before your device locks or wipes its information
Even if an attacker steals a device and has the time to try to gain access, these features help keep the risk of your information being compromised to a minimum.
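The passcode rules above can be expressed as a check that an IT administrator runs before accepting a new numeric passcode. This is an added example, not part of the original article; the function names and the sample birthday and street number are constructed for illustration.

```python
from datetime import date

def is_sequence(pin):
    """Ascending or descending run, e.g. 1234, 8765, or 7890 (9 wraps to 0)."""
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    return steps in ({1}, {9})

def date_renderings(d):
    """Common ways a date is typed as digits (4 digits or longer)."""
    mm, dd = f"{d.month:02d}", f"{d.day:02d}"
    yyyy, yy = f"{d.year:04d}", f"{d.year % 100:02d}"
    return {mm + dd, dd + mm, yyyy, mm + dd + yy, dd + mm + yy, yy + mm + dd}

def passcode_problems(pin, significant_dates=(), significant_numbers=()):
    """Return the reasons a numeric passcode is weak; an empty list means none found."""
    if not pin.isdigit():
        raise ValueError("this check only handles numeric passcodes")
    problems = []
    if len(set(pin)) == 1:
        problems.append("single repeated digit")      # e.g. 5555
    if len(pin) > 2 and is_sequence(pin):
        problems.append("sequential digits")          # e.g. 1234
    for d in significant_dates:                       # birthdays, anniversaries
        if any(r in pin for r in date_renderings(d)):
            problems.append(f"contains date {d.isoformat()}")
    for n in significant_numbers:                     # address numbers and similar
        if len(n) >= 3 and n in pin:                  # ignore 1-2 digit numbers
            problems.append(f"contains number {n}")
    return problems

if __name__ == "__main__":
    birthday = date(1985, 7, 4)                       # constructed sample value
    for candidate in ("1234", "5555", "070485", "160027", "582947"):
        found = passcode_problems(candidate, [birthday], ["1600"])
        print(candidate, "->", found or "no problems found")
```

An empty result only means none of these specific patterns matched; it does not measure how strong the passcode is.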
2) Regularly Update Firmware and Applications
Developers and hackers are in a constant game of cat and mouse—discovering and patching vulnerabilities in software and operating systems. It’s these vulnerabilities that have resulted in some of today’s biggest cyber attacks.
For example, both the WannaCry ransomware event in May and the Petya (aka NotPetya) cyber attack in June took advantage of the same Microsoft operating system vulnerability. Although Microsoft issued a patch to close this security gap months before the attacks, the patch was not applied everywhere. If it had been, the impact of those two global attacks would have been much smaller.
So, the next time you're tempted to postpone an update for just one more day, don't! It’s crucial that you and your staff keep your devices—including firmware, operating systems, and applications—up to date with the latest security patches.
3) Ensure That Your Devices Are Encrypted
Encryption (making data unreadable to anyone without the key) further minimizes the risk of unauthorized users accessing a device’s information. Fortunately, most of today's devices come encrypted out of the box. This feature is automatically enabled for:
- All iPhones starting with iPhone 3GS (2009 and later)
- All Android devices that run version 6.0 Marshmallow or higher (2015 and later) out of the box
Given how recently auto-encryption was brought to Android devices, you might have a device that originally ran firmware older than 6.0 Marshmallow. If so, be sure to update your device and then encrypt it by going to Settings > Security > Encrypt phone.
4) Back It Up
Physical damage and mobile malware can lead to lost, deleted, or corrupted information. To reduce the impact should this happen, it’s always a best practice to regularly back up the information on your devices (iOS backs up through iTunes or iCloud; Android backs up through your Google account). Keep in mind that all backed-up information needs at least the same level of security as the original information, including encryption and access controls.
5) Enable Remote Tracking and Wiping
Today’s devices come equipped with tracking software (Find My iPhone for iOS or Android Device Manager for Android) that helps you locate them if they are lost or stolen. Modern devices should have this software enabled from the start—just be sure to check.
This software also allows you to remotely wipe all information and settings if sensitive information is at risk of being compromised. If you’re properly backing up your device, restoring that wiped information on a new device should be a breeze.
6) Beware of “Clone” Apps
Last year, Pokémon GO became one of the most downloaded mobile apps of its time—and scammers were quick to exploit its popularity. Soon after the game’s release, various clone apps appeared in the Google Play Store, using the same name and icon as Pokémon GO.
What happens if you download a clone app? Your mobile device could be subject to almost any kind of malware that could infect a PC, including:
- Spyware, which monitors your activity
- Ransomware, which holds your information until you pay up
- Keystroke loggers, which record everything you type on your device
So, it's very important that you know how to distinguish the real apps from the fake ones: Before downloading, always verify that the app title is correct, the company is legitimate, and the number of reviews or ratings is consistent with the app’s popularity. If you’re not sure, do a quick Internet search to verify the app details. If you spend an extra couple of seconds verifying the information, spotting a clone app should be fairly straightforward.
7) Avoid Jailbroken or Rooted Devices
A jailbroken (iOS) or rooted (Android) device is one that has been intentionally hacked by the user so that it can do more than the manufacturer had intended. For example, years ago, the only way to get app folders or landscape texting on an iPhone was to jailbreak it.
Although this practice is legal, it overrides the device’s built-in security features and bypasses regular controls. As such, jailbroken or rooted devices pose a major security risk. If possible, prohibit these devices from connecting to your network or accessing your firm’s information.
8) Lock Down Unwanted Connections
After taking steps to secure your devices, it's time to take stock of what's connecting to those devices. If you connect to a fake, malicious hotspot, attackers can potentially “eavesdrop” on your activity and steal your information.
To lock down any unwanted connections that could put your information at risk, be sure to take the following actions:
- Avoid connecting to potentially unsecured Wi-Fi network access points.
- If you go on a public Wi-Fi network, keep clear of situations where you need to enter sensitive information (e.g., passwords, credit card numbers).
- Most cell providers now provide ample data plans, so consider using your device’s data (e.g., 3G, 4G, LTE) rather than risking an unknown network.
- Disable the Wi-Fi auto-connect option. This reduces the chances of your mobile device automatically connecting to a malicious Wi-Fi access point.
- Disable Bluetooth when you’re not using it, as it could also be a potential attack vector.
Protection Starts with You
There's no doubt that mobile devices make our lives easier. But it's also true that they come with new and emerging security threats—and protection starts with you. By following the steps discussed here, you can help ensure that the appropriate controls are in place to protect sensitive information, whether you're in the office or on the go.
Do you and your staff regularly back up your information? What other steps do you take to secure your mobile devices? Please share your thoughts with us below!