Mobile devices such as smartphones or PC tablets have become essential tools, whether for personal or professional purposes. Those devices can contain a great amount of sensitive data and offer easy access to organisation portals. Like any other device, they also have vulnerabilities that can be exploited by cybercriminals. In this article, you will find best practices to secure your mobile devices.

Best practices for mobile devices

1. Maintain control

Mobile devices should never be left unattended. Make sure others do not have access to your devices. Always keep your access PIN code and passwords secret; never write them on a note or share them with anyone. Finally, when having sensitive calls where confidential information might be shared, make sure to use a private room or secure area where people won’t be able to eavesdrop.

2. Protect your device with a PIN code and strong passwords

Mobile devices are full of sensitive personal and/or professional information. They should be secured accordingly by establishing a strong password or PIN code to access them. Strong passwords are built by combining upper- and lower-case letters, numbers and symbols. They should be complemented with Multi-Factor Authentication, which requires a user to provide at least two different methods (e.g., passwords and PIN code, PIN code and a code received via text) to verify their identity before being granted access to the resource they are trying to reach.

3. Protect the device with encryption

In addition to protecting sensitive information with a PIN code and a strong password, an extra protection layer can be added to a mobile device by using encryption. Encryption is the process of making data unreadable to unauthorised users. Nowadays, almost every device offers the possibility to encrypt all the data it contains by enabling a specific parameter within its configuration.

Never store sensitive information without protection

Saving information in notes, contacts or an email makes it easier for cybercriminals to access it, as almost no protection is in place. Always use an encrypted solution to store sensitive information.

4. Avoid using unknown and public Wi-Fi

Public Wi-Fi is a handy solution, as people can access professional resources, shop online, browse websites, or manage their social media almost everywhere. However, as its name indicates, it is public and everyone can access it, including scammers and criminals. If it is wrongly configured, a public Wi-Fi can be used to monitor the activities of people connected to it and steal their information by intercepting the data being transmitted. Public Wi-Fi should only be used when strictly needed and no other option is available. In addition, a Virtual Private Network should be used to connect to public Wi-Fi. A Virtual Private Network is a solution that helps encrypt and hide internet traffic from whoever might be trying to “listen” to the data that is being transmitted.

5. Update your devices and applications as soon as possible

Since it could take only one vulnerability in a system, application or device for cybercriminals to compromise it, cause damage and get access to information, installing updates as soon as they are available is crucial. It ensures a strong cyber defence and makes sure that the system version being used is still supported by the vendor.

6. Make backups regularly

Mobile devices usually have data that cannot be accessed anywhere else: contacts, messages, pictures, etc. It is thus important to regularly back up your mobile devices to make sure all the data they contain can always be recovered, even if the device is stolen or unavailable. This is mostly done by connecting your device to your computer via cable, or by backing up to the cloud when your phone is charging and connected to your Wi-Fi network.

7. Use an antivirus on all your devices

There are several ways a mobile device can be infected by a virus: opening an attachment when reading an email, clicking on a link or simply browsing a malicious website. A virus is malicious software that aims at damaging resources, deleting files, slowing down performance or stealing confidential information. Once a virus is on the device, it will take time, effort and financial means to remove it. Some cybercriminals put more effort into finding ways to compromise mobile devices, as they know that these devices usually don’t have the security controls in place that computers do. This is why it is better to also protect your mobile devices, personal and professional, with an antivirus solution upfront.

8. Use Mobile Device Management

A Mobile Device Management solution helps organisations control mobile devices and implement security controls on them. It allows the organisation’s admins to onboard, enrol, manage, erase and upgrade the devices in a centralised manner. A Mobile Device Management solution can bring several advantages:

  • Isolation: organisations are able to clearly separate corporate data from personal applications.
  • Email management: organisations can make sure that corporate email is only accessed through a managed device, making data leaks less likely.
  • Operating System (OS) update: organisations are able to remotely update the devices.

9. Enable remote lock and remote data wipe

In addition to a device being lost or stolen, an organisation can also lose a mobile device if it allows the device to remain available to collaborators after they leave the organisation.

The ability to remotely lock and wipe all corporate information from a device should thus be part of the organisation’s security strategy. This can be achieved through Mobile Device Management.

Best practices for applications

1. Only use official websites or platforms to download applications

It is important to download an application only from the official vendor to avoid installing a virus instead. Many cybercriminals offer free versions of an application to convince you to download it when, in reality, they will use it to access your devices and steal confidential information. A good way to check if a website is legitimate is to check the number of downloads and the opinions of other users before installing a new application.

The aim of this content is to share and raise awareness of good cyber security practice. 
Some of this advice may apply differently depending on the context of your organisation.
Always comply with the policy and instructions in force in your organisation.
If in doubt, always ask your IT manager for advice first.