Mobile Security Tips

smartphone-securityAs we add more mobile and portable devices to our digital collection, cybersecurity for mobile devices becomes more important.  Smartphones, tablets, wearable tech,  and ultra-portable laptops are certainly convenient and easy to carry, but that makes them easy for a thief to carry off.  When these devices are stolen, you lose much more than the hardware.  Every bit of information on the device is up for grabs too, from contact lists, personal information, mobile account information, email account information and the emails themselves, location history information, and pictures and videos of ourselves (including risque selfies?), friends, family, and places we have been.  A treasure trove for someone engaged in a long term hack or an identity thief.  Here are some ideas for you to use to strengthen the security on your mobile devices.

  • Screen lock – You should be using the screen lock feature on your devices.  Sure its a bit of a pain, but hard for you means nearly impossible for a thief.  This is your first line of defense, so don’t skip it.
  • Anti-malware software or apps – Do not limit yourself to adding software security just to computers and laptops.  The same company that you use for PCs usually has a free an a paid-for premium security app for your tablet and phone too.  This can save you from devastating effects of malware such as the recent “Hummer” Trojan horse.
  • Encryption – I am an advocate of encryption everywhere, especially on mobile devices. This makes it impossible for a thief to recover useful data from a dump of your SIM, SD card, or hard drive.  Encrypt that flash drive too!
  • Backup – Backing up all your devices, not just computers, makes it less traumatic when you lose the device that was carrying the data.  Apple devices pretty much back up automatically.  Let’s not forget about our Windows and Android devices, back them up too!
  • Location and remote wiping – In the Android world, you can get this functionality from your Google account.  Go to My Account, Find My Phone.  Choose your phone or tablet from the list.  The options include lock your phone, ring your phone, locate your phone on Google Maps, and even remote wiping.  You Apple account has the same functionality.  Windows 10 has the ability to find your device.  You can turn it on at PC Settings, Update and Security.  This feature needs to be enabled, it is off by default.  Remote wiping would require the addition of software, such as Absolute Software’s LoJack
  • Two-factor authentication – Again, use two-factor authentication wherever you can.  On problem with smartphones is that when the authenticator app is on the same device that you are using TFA to log in to a service or website, this is vulnerable to keylogging and inherently less secure than entering the TFA one-time passcode on a separate device.
  • Install software and apps from reliable sources – Make sure you are installing apps that have been vetted by your devices app store.  When installing software on a PC, I only download from the manufacturer’s website now due to problems I’ve had with unintentional installation of hitchhiking crapware on download sites such as Major Geeks or Downloads.com.
  • Create a BYOD policy – Your are not going to keep your employees and guests from connecting their devices to your Wi-Fi, so go to the trouble of setting up a guest connection for them that is not part of your personal or business network.  Many Wi-Fi router manufacturer’s build this feature in, but you may need to turn it on.  Giving them a passcode will encrypt the wireless traffic on the guest network, so set that up.  Any easy passcode is better than no passcode.
  • Include mobile devices in security audits – If you are engaging in a security audit or running a vulnerability assessment in your business, be sure to include all the mobile devices in the process.

So there you have our short list of recommendations for mobile device security.  And let’s not forget that desktop PCs can become “mobile” under the wrong set of circumstances.

0

About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Senior Cybersecurity Engineer at Computer Integration Technologies, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.

Add a Comment