Mobile Security Suggestions for Employees
Nearly a decade after Bring Your Own Device (BYOD) entered the enterprise environment, cybersecurity leaders still strive to manage the risks.
Employee‑owned devices were responsible for nearly 51% of corporate data breaches in 2017, according to AT&T.
Like desktop and laptop computers, mobile devices (smartphones, tablets) must be secured appropriately to prevent leakage of user/business sensitive information.
Several security aspects that facilitate the mobile device protection are presented as follows:
Avoid Auto-Login Features without Re-confirmation.
Mobile payment services are very common these days. Some mobile apps or web services recommend users to activate features like “remember username” or “remember password”, so that you don’t have to re-enter the password each time you login. In this case, you shouldn’t choose to remember, especially the password, to reduce the risk of unauthorized access and payments in case the device is lost or stolen.
Be careful of phishing scams / social engineering.
Attackers always target sensitive data because by selling it they could generate easy money. Cybercriminals tend to make use of social engineering such as emails, links to attract people to provide personal/business information. Hence, when browsing the Internet, be extra careful not to expose yourself or your organization to potential harmful schemes.
Use a VPN extension for your browser.
A good VPN extension will encrypt your browser traffic so that hackers cannot use sensitive data to get unauthorized access to your accounts. In addition to securing your connection, a VPN browser extension will hide your IP location and allow you to view geoblocked content and bypass censorship from anywhere in the world.
NOTE: Activating a VPN extension may slow down your browser.
Be careful when accessing Public Wi-Fi / Wireless Access Points.
As you probably know, Public Wi-Fi / Wireless Access Points are insecure. So, you should avoid as much as possible to perform payment transactions or transmit sensitive data through public Wi-Fi / Wireless Access Points. Also, consider using encryption, such as SSL or VPN when is mandatory to do so.
Do not leave your Mobile Device/s Unattended.
Leaving your device unattended is dangerous firstly because it can be stolen. Secondly, it would also increase the risk of unauthorized use of the device, or even a data breach.
You should use Private / Secure Mode when surfing the Internet.
Last generation mobile devices let you enable private mode / secure mode when browsing the Web. From security and privacy perspective, you should keep this mode enabled, so that your browsing behavior will not be easily traced.
Disable any unused Applications and Services.
To reduce security risks, you should stick with the Apps, options and services that are absolutely necessary. So, a small number of installed applications means fewer software updates and fewer vulnerabilities. Also, if it is not required to use Bluetooth or Infra-Red (IR), it is also recommended to keep them off to mitigate the risk of unauthorized network access.
Keep the Operating System (OS) & Mobiles Apps Up-To-Date.
It is required to perform security updates for the Apps and OS of your mobile devices by enabling automatic updates, accept security updates when prompted by trusted providers, such as OS / Apps manufacturers that attempt to fix known security loopholes or vulnerabilities.
Use Password / Fingerprint & include Screen Timeout Settings.
If you set a weak password and a long screen timeout period, your mobile device may be easily hacked. Cyber security professionals recommend you to use a password that cannot be easily guessed while setting a short screen timeout interval (a minute or less).
Avoid Android Rooting or iOS Jailbreaking.
Some iOS users like to jailbreak their device after purchasing it, because that allows them to perform certain actions on their Apple devices that cannot normally do. Basically, jailbreaking is the process of removing software restrictions put into place by iOS developers allowing users to install software that Apple doesn’t authorize.
On the other hand, Android rooting allows you to gain privileged control over your device, it also enables you to remove or replace the entire operating system of the device. This is achievable because Android itself was built on a Linux kernel, and permits users to access administrative permissions on their smart devices.
Jailbreaking or rooting to break factory security settings would make you mobile devices vulnerable to cyberattacks. Mobile apps that run on rooted or jailbroken devices may also be vulnerable to attacks, especially mobile banking applications.
Backup your mobile data regularly.
Nowadays, there is no excuse of not backing up your most important data. Make sure you do it regularly to be able to restore the most recent version of your files and software. When adopting a cloud-based backup solution, consider using data encryption, integrity checks etc. to protect your backups.
Download Mobile Apps from trusted stores.
Obscure mobile apps may include malware designated to collect sensitive information. To protect your mobile devices from being hacked, it is recommended to download mobile apps from trusted stores only.
Reset to Factory Settings before decommissioning the old mobile device.
Last-gen smart devices become increasingly popular. It is quite often for consumers to change their mobile devices with new ones, disposing of the old ones. In addition to data migration, before decommissioning the old devices, don’t forget to reset to factory settings to clear all configurations and data containing sensitive information to prevent data leakage.
Last but not least set up wipe / kill apps & encrypt your mobile device if it is possible.
As we all know, it is vital to protect our data. When it comes to business information such as emails and files, extra caution is required.
Keep up the excellent quality writing, it’s rare to see a great blog like this one today.
Touche. Sound arguments. Keep up the great effort.
Excellent post, however I wanted to know if you could write a little more on this topic? I’d be very grateful if you could elaborate a little bit further.