On Wednesday we discussed the many, many ways your smartphone is vulnerable to attack. Today we will look at solutions. Smart mobile devices need to be secured just as you would a laptop or desktop computer The small size and easy portability of smartphones and tablets make them easier to steal or lose. Some of our recommendations:
- Record the electronic serial number (ESN) of your phone or tablet. This is information you will need for the police report if your device is stolen. This information can be found under the battery or on the box the phone came in when you bought it.
- Remote wipe, remote lock, and remote power apps to remove your data is the device is lost or stolen. Some of this software allows you to use the GPS to track the phone’s location, and even take a “selfie” of your perpetrator.
- Anti-malware endpoint software – whatever brand you have installed in in your computer has a smartphone app as well. Many are free. Use it!
- Use your screen lock. Sure its a pain to have to enter a PIN or swipe a picture to use your phone, but if we learned anything from the FBI vs Apple iPhone debacle is that a screen PIN can deter even the Feds from getting into your phone.
- Only install third-party apps from trusted sources. This means limiting yourself to the hundreds of thousands of apps available from the Google or Apple stores.
If you are managing smartphones for corporate users, there are additional solutions to implement.
- Use mobile device management software. This way you will have a handle on what kind of devices you have, how many there are, who has them, and where the device is located. You will have remote management and remote wiping capabilities. Plus you can push software updates and patches to the devices.
- Set up a VPN to connect users to the business network. This way business information will not be captured on the air on a free Wi-Fi connection in a coffee shop, air port, or hotel meeting room.
- Use strong authentication to the network. Make sure employees are complying with password complexity and duration policies in your company.
- Separate work data from personal data. This is especially important in mobile devices.
- Protect the company network from intrusions from lost or stolen devices. In other words, be ready to shut them down and block access.
- Report lost devices quickly. Most users will wait several days to a week before reporting, hoping that the “lost” phone will “turn up.” This gives potential attackers too much time to break into your network. Add this item to your cybersecurity awareness training to drive home the importance of early reporting.
We never like to report a problem without proposing a solutions, and hopefully you have picked up a few solutions here. With BYOD exploding all over the corporate landscape, you really need to get some controls in place for your mobile devices.
Share
24
JUN
JUN
About the Author:
I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com