Securing mobile devices

Kamaria Harvey 27 May 2019

TL;DR

  • Mandate passcode access with a lock out duration of < 60 seconds. Ideally an alphanumeric passcode with a minimum of 8 characters.
  • Install AV and keep the device up to date with the latest security updates.
  • Consider an MDM policy for company devices to allow for: remote wiping, application allow-listing, installation of applications and device lockdowns.
  • Restrict connections to public Wi-Fi, favour cellular data instead. If necessary, use a VPN to secure communications.
  • Physically secure devices through the use of privacy screens and by always knowing their location.

Hackers don’t restrict themselves to attacking our desktops or laptops, so we need to up our game.

I guess you’ve considered the security of your mobile device itself, but what about its content? What about if it’s a company device?

For both users and corporate providers, security needs to be your priority.

Here are some security tips that will help you ensure that both the devices and their data are protected too.

Use strong passwords / biometrics

Strong passwords should be the norm these days. The default requirement of an iPhone or Android is a 6-digit number; however, there are options for 4-digit passcodes.

Typically, this can be worked out in a little under a day with the correct tools. Introducing a long numeric or alphanumeric passcode of at least 8 characters will greatly hinder any attempts to break into a device. Better still, enforce fingerprint or face ID.

This is an oldie but a goldie from @matthew_d_green that shows the difference in cracking time for various complexities of passcode:

Also ensuring a timed screen lock is in place prevents unauthorised access to data if your phone happens to be stolen or misplaced.

Updates and antivirus

Keeping your device and its applications up to date is paramount to ensure the latest bug fixes are applied and security loopholes are mitigated. Out of date devices are susceptible to vulnerabilities that can lead to a breach in the confidentiality of the data they hold.

Installing antivirus software on your device is a further step that can be undertaken to ensure that it is safe, and no content is at risk from malicious actors.

Implement an MDM

Using a mobile device manager (MDM) allows IT to remotely manage corporate devices centrally, ensuring that every device is running the same policies and protections. MDMs can perform a variety of tasks, from auto enrolment to application management and other security features.
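As an added example (not code from this post or from any MDM vendor), the sketch below audits a device inventory against the TL;DR baseline above, the kind of check an MDM runs centrally. The field names and sample devices are constructed, and the "< 60 seconds" figure is assumed to mean the screen auto-lock timeout.

```python
from dataclasses import dataclass

# Baseline values come from the page's TL;DR. Field names are hypothetical
# and do not match the export schema of any particular MDM product.
MIN_PASSCODE_LEN = 8
MAX_LOCK_SECONDS = 60  # assumed to mean the screen auto-lock timeout

@dataclass
class Device:
    name: str
    passcode_len: int   # 0 means no passcode is set
    lock_seconds: int   # 0 means auto-lock is disabled
    av_installed: bool
    os_current: bool
    remote_wipe: bool

def audit(dev: Device) -> list[str]:
    """Return the baseline rules this device fails (empty list = compliant)."""
    findings = []
    if dev.passcode_len == 0:
        findings.append("no passcode set")
    elif dev.passcode_len < MIN_PASSCODE_LEN:
        findings.append(f"passcode shorter than {MIN_PASSCODE_LEN} characters")
    if dev.lock_seconds <= 0:
        findings.append("auto-lock disabled")
    elif dev.lock_seconds >= MAX_LOCK_SECONDS:
        findings.append(f"auto-lock not under {MAX_LOCK_SECONDS} seconds")
    if not dev.av_installed:
        findings.append("no antivirus installed")
    if not dev.os_current:
        findings.append("security updates missing")
    if not dev.remote_wipe:
        findings.append("remote wipe not enabled")
    return findings

def audit_fleet(devices: list[Device]) -> dict[str, list[str]]:
    """Map each non-compliant device name to its findings."""
    return {d.name: f for d in devices if (f := audit(d))}

# Constructed sample inventory, not real device data.
FLEET = [
    Device("sales-01", 8, 30, True, True, True),
    Device("sales-02", 6, 300, True, False, True),
    Device("exec-01", 10, 0, False, True, False),
]

if __name__ == "__main__":
    for name, findings in audit_fleet(FLEET).items():
        print(f"{name}: " + "; ".join(findings))
```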

Backups

Backing up data in case a device must be wiped due to loss or theft is a simple way to ensure the user is back up and running in no time. It may, however, be worth considering where you’re backing the data up to and whether it is stored with a 3rd party. Depending on the sensitivity of the data, consideration should be given to secure storage of any company data.

Remote wipe

The ability to remotely wipe a device that has been stolen is golden. Allowing for all content to be deleted renders a device near on useless to an attacker. iPhones have the ability to allow for a full wipe after 10 failed passcode attempts but also, any good MDM will have this functionality available to deploy to end users.

Connecting to public Wi-Fi / Bluetooth

It is always wise to have your Bluetooth and Wi-Fi disabled when not in use and out in public. Not only does leaving them on eat your battery and data usage, but disabling them prevents a malicious attacker from potentially connecting to your device or intercepting communications.

If using public Wi-Fi is necessary then encrypting all communications with a VPN is a must.

And remember, just because it’s called ‘Airport Wi-Fi’, doesn’t mean that the airport has anything to do with it 😉

Screen privacy filter

It is worth investing in a privacy screen. They can prevent shoulder surfing attacks which require minimal skill and result in maximum damage.

User awareness

We’ve saved this one until last because half of the problems we see are down to user error, and in this case just a little knowledge can go a long way.

Educating people about the risks associated with their device ‘magically going missing’ may well stop said devices from falling into the wrong hands in the first place.