As we add more mobile and portable devices to our digital collection, cybersecurity for mobile devices becomes more important. Smartphones, tablets, wearable tech, and ultra-portable laptops are certainly convenient and easy to carry, but that makes them easy for a thief to carry off. When these devices are stolen, you lose much more than the hardware. Every bit of information on the device is up for grabs too, from contact lists, personal information, mobile account information, email account information and the emails themselves, location history information, and pictures and videos of ourselves (including risque selfies?), friends, family, and places we have been. A treasure trove for someone engaged in a long term hack or an identity thief. Here are some ideas for you to use to strengthen the security on your mobile devices.
- Screen lock – You should be using the screen lock feature on your devices. Sure its a bit of a pain, but hard for you means nearly impossible for a thief. This is your first line of defense, so don’t skip it.
- Anti-malware software or apps – Do not limit yourself to adding software security just to computers and laptops. The same company that you use for PCs usually has a free an a paid-for premium security app for your tablet and phone too. This can save you from devastating effects of malware such as the recent “Hummer” Trojan horse.
- Encryption – I am an advocate of encryption everywhere, especially on mobile devices. This makes it impossible for a thief to recover useful data from a dump of your SIM, SD card, or hard drive. Encrypt that flash drive too!
- Backup – Backing up all your devices, not just computers, makes it less traumatic when you lose the device that was carrying the data. Apple devices pretty much back up automatically. Let’s not forget about our Windows and Android devices, back them up too!
- Location and remote wiping – In the Android world, you can get this functionality from your Google account. Go to My Account, Find My Phone. Choose your phone or tablet from the list. The options include lock your phone, ring your phone, locate your phone on Google Maps, and even remote wiping. You Apple account has the same functionality. Windows 10 has the ability to find your device. You can turn it on at PC Settings, Update and Security. This feature needs to be enabled, it is off by default. Remote wiping would require the addition of software, such as Absolute Software’s LoJack
- Two-factor authentication – Again, use two-factor authentication wherever you can. On problem with smartphones is that when the authenticator app is on the same device that you are using TFA to log in to a service or website, this is vulnerable to keylogging and inherently less secure than entering the TFA one-time passcode on a separate device.
- Install software and apps from reliable sources – Make sure you are installing apps that have been vetted by your devices app store. When installing software on a PC, I only download from the manufacturer’s website now due to problems I’ve had with unintentional installation of hitchhiking crapware on download sites such as Major Geeks or Downloads.com.
- Create a BYOD policy – Your are not going to keep your employees and guests from connecting their devices to your Wi-Fi, so go to the trouble of setting up a guest connection for them that is not part of your personal or business network. Many Wi-Fi router manufacturer’s build this feature in, but you may need to turn it on. Giving them a passcode will encrypt the wireless traffic on the guest network, so set that up. Any easy passcode is better than no passcode.
- Include mobile devices in security audits – If you are engaging in a security audit or running a vulnerability assessment in your business, be sure to include all the mobile devices in the process.
So there you have our short list of recommendations for mobile device security. And let’s not forget that desktop PCs can become “mobile” under the wrong set of circumstances.Share
About the Author:I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com