Smartphone and Tablet Security Solutions

smartphone-securityOn Wednesday we discussed the many, many ways your smartphone is vulnerable to attack.  Today we will look at solutions.  Smart mobile devices need to be secured just as you would a laptop or desktop computer  The small size and easy portability of smartphones and tablets make them easier to steal or lose.  Some of our recommendations:

  • Record the electronic serial number (ESN) of your phone or tablet. This is information you will need for the police report if your device is stolen.  This information can be found under the battery or on the box the phone came in when you bought it.
  • Remote wipe, remote lock, and remote power apps to remove your data is the device is lost or stolen.  Some of this software allows you to use the GPS to track the phone’s location, and even take a “selfie” of your perpetrator.
  • Anti-malware endpoint software – whatever brand you have installed in in your computer has a smartphone app as well.  Many are free.  Use it!
  • Use your screen lock.  Sure its a pain to have to enter a PIN or swipe a picture to use your phone, but if we learned anything from the FBI vs Apple iPhone debacle is that a screen PIN can deter even the Feds from getting into your phone.
  • Only install third-party apps from trusted sources.  This means limiting yourself to the hundreds of thousands of apps available from the Google or Apple stores.

If you are managing smartphones for corporate users, there are additional solutions to implement.

  • Use mobile device management software.  This way you will have a handle on what kind of devices you have, how many there are, who has them, and where the device is located.  You will have remote management and remote wiping capabilities.  Plus you can push software updates and patches to the devices.
  • Set up a VPN to connect users to the business network.  This way business information will not be captured on the air on a free Wi-Fi connection in a coffee shop, air port, or hotel meeting room.
  • Use strong authentication to the network.  Make sure employees are complying with password complexity and duration policies in your company.
  • Separate work data from personal data.  This is especially important in mobile devices.
  • Protect the company network from intrusions from lost or stolen devices.  In other words, be ready to shut them down and block access.
  • Report lost devices quickly.  Most users will wait several days to a week before reporting, hoping that the “lost” phone will “turn up.”  This gives potential attackers too much time to break into your network.  Add this item to your cybersecurity awareness training to drive home the importance of early reporting.

We never like to report a problem without proposing a solutions, and hopefully you have picked up a few solutions here.  With BYOD exploding all over the corporate landscape, you really need to get some controls in place for your mobile devices.

0

About the Author:

Cybersecurity guru to business owners in the St Paul, Minneapolis, and western Wisconsin area. Computer security and hacking have been a passion of mine since I entered the computer and networking business in 2000. In 2013 I completed a course of study and certification exam to become a Certified Ethical Hacker (CEH). In 2016 I was certified as a Certified Information Systems Security Professional (CISSP). As Senior Cybersecurity Engineer at Computer Integration Technologies, I help our clients experience high levels of computer security, network security, and web site security. In addition to consulting on security products and services, we also conduct security audits, vulnerability assessments and full penetration tests. We also provide Cybersecurity Awareness Training for clients and their employees. We also work with companies and organizations that need to certify compliance with regulations such as PCI-DSS (credit card processing), HIPAA/HITECH (medical records), and GLBA. The views expressed on this Web site are mine alone and do not necessarily represent the views of my employer.

Add a Comment