NIS2, Are you on scope?
Belgium's new cybersecurity law enters into force. Check it out now.
Mobile devices such as smartphones or PC tablets have become essential tools whether for personal or professional purposes. Those devices can contain a great amount of sensitive data and offer a facilitated access to organisation portals. As for any other device, they also have vulnerabilities that can be exploited by cybercriminals. In this article, you will find best practices to secure your mobile devices.
Mobile device should never be left without surveillance. Make sure others do not have access to your devices. Always keep your access PIN code and passwords secret, never share them on a note or with someone. Finally, when having sensitive calls where confidential information might be shared, make sure to use a private room or secure area where people won’t be able to eavesdrop.
Mobile devices are full of personal and/or professional sensitive information. They should be secured accordingly by establishing a strong password or PIN code to access them. Strong passwords are built by combining upper and lower cases, numbers and symbols. They should be completed with Multi Factor Authentication, which requires a user to provide at least two different methods (e.g., passwords and PIN code, PIN code and a code received via text) to verify their identity and grant them access to the resource they are trying to reach.
Next to protecting sensitive information with a PIN code and a strong password, an extra protection layer can be added to a mobile device by using an encryption. Encryption is the process of making data unreadable to unauthorised users. Lately, almost every device offers the possibility to encrypt all the data it contains by enabling a specific parameter within its configuration.
Saving information in the notes, contacts or an email makes it easier for cybercriminals to access it as almost no protection are in place. Always use an encrypted solution to store sensitive information.
Public Wi-Fi are a handy solution as people can access professional resources, shop online, browse websites, or manage their social media almost everywhere. However, as its name indicates it, it is public and everyone can access it, including scammers and criminals. If it is wrongly configured, a public Wi-Fi can be used to monitor the activities of people connected
to it and steal their information by intercepting the data being transmitted. Public Wi-Fi should only be used when strictly needed and no other option is available. In addition, a Virtual Private Network should be used to connect to public Wi-Fi. A Virtual Private Network is a solution that helps encrypt and hide internet traffic to whomever might be trying to “listen” to the data that is being transmitted.
Since it could only takes one vulnerability in a system, application or device for cybercriminals to compromise in order to cause damages and get access to information, installing updates as soon as they are available is crucial. It ensures a strong cyber defence and makes sure that the system version being used is still supported by the vendor.
Mobile devices usually have data that cannot be accessed anywhere else: contacts, messages, pictures, etc. It is thus important to regularly backup your mobile devices to make sure all the data it contains can always be recovered, even if the device is stolen or unavailable. This can be done mostly by connecting your device to your computer via cable or on the cloud when your phone is charging and connected to your WI-FI network. 7. Use an antivirus on all your devices
There are several ways a mobile device can be infected by a virus: opening an attachment when reading an email, clicking on a link or simply surfing through a malicious website. A virus is a malicious software that aims at damaging resources, deleting files, slowing down performances or stealing confidential information. Once a virus is on the device, it will take time, effort and financial means to remove it. Some cybercriminals put more efforts in finding ways to compromise mobile devices as they know that they usually don’t have security controls in place as for computers. This is why it is better to also protect your mobile devices, personal and professional, with an antivirus solution upfront.
A Mobile Device Management solution help organisations control and implement security controls when it comes to mobile devices. It allows the organisation’s admins to onboard, enrol, manage, erase and upgrade the devices in a centralised manner. There are several advantages a Mobile Device Management solution can bring:
In addition to the possibility of getting lost or stolen, an organisation can also lose a mobile device if they allow it to remain available to collaborators after they leave the organisation.
The ability to remotely lock and wipe all corporate information from a device should thus be part of the organisation’s security strategy. This can be achieved through Mobile Device Management.
It is important to download an application only from the official vendor to avoid installing a virus instead. Many cybercriminals try to offer free versions of an application to convince you to download it when in reality, they will use it to access your devices and steal confidential information. A good way to check if a website is legit, is to check the number of downloads and the opinions of other users before installing a new application.
A second thing to watch for when downloading applications is to always check the authorizations granted to them: only allow what is strictly necessary for the application to function and if you find that too many suspicious accesses (e.g., unneeded access to address book, passwords, GPS location, camera, etc.) are requested, don’t proceed any further and uninstall the application. Also, only allow the accesses when necessary, do not select automatic activation (e.g., for Wi-Fi).
In addition, when applications are updated, initial permissions may change: always check the granted permissions again when updating an application.
Finally, make sure to frequently check the data used by your applications to detect inappropriate movements.
As soon as an application is not needed or used anymore, it should be uninstalled or the access initially granted should be revoked.
The aim of this content is to share and raise awareness of good cyber security practice.
Some of this advice may apply differently depending on the context of your organisation.
Always comply with the policy and instructions in force in your organisation.
If in doubt, always ask your IT manager for advice first.