End User Awareness 8 – Protecting Mobile Devices

Protecting Mobile Devices

Don’t believe everything you hear online about specific devices being virus-proof or too robust to be hacked. Listen to a fellow computer nerd and believe that if it can be made, it can also be broken down. No code is so secure it can’t be exploited. The same goes for mobile devices. Here are top tips and information about how to keep them safe and sound.

  • Smartphones
    While the primary purpose of these pocket-sized computers is for calls and emails, smartphones open a hole into the network just like any other computer.
  • Tablets
    There are hundreds of different tablet models, and the security team cannot keep up with writing policies for all of them. Out of date software or apps on the tablet can allow attackers an opportunity to gain control of a device on the network.
  • Laptops
    While laptops are easier to manage than smartphones and tablets, they are also more targeted due to their higher capacity for data. It is important when using when using our laptop away from work to remember that there re attackers out there that present physical and virtual threats to our data.

Encryption and Backup

Use strong passwords and codes when securing your mobile devices. Perhaps it’s fun to let your friends get a hold of your device when taking pictures or other, but you won’t be pleased when an attacker does the same. Lock your phone down with good passphrases and never share.

Also remember to backup your phone and files in case something happens. Backup only the most essential things such as pictures, contacts and other personal information.

Don’t root your device

Rooting or jailbreaking devices allows the user to gain administrator privileges of all actions on phone with no restrictions. This is often used for changing themes, core functions or unlocking features to use from somewhere else on the internet. This may be useful and fun, but unlocking permissions also gives any attacker a way more broad workplace with more features and tools to use. In addition, rooting your device is also a common method used for bricking your phone. If you don’t want to ruin the system and make it corrupt, leave it as is and don’t touch what is on lock down.


Bluetooth

Bluetooth devices used to just be headsets that were used to talk on the phone. Now they include a wide range of uses including transferring files to our computer, playing music in our car, or syncing contacts with a coworker.
All of the capabilities of Bluetooth means that when it is on, an attacker that is able to connect through it can access our contacts, text messages, phone conversations, or other files on our phone.
The safest way to keep or phone protected from attacks on our Bluetooth connectivity is to disable Bluetooth when it is not in use.

Physical Theft and Remote Wipe Functions
Once our mobile device leaves the office it becomes much more susceptible to physical theft and tampering. Once an attacker has the device physically in hand, there are a lot more ways they can try to and get the data off of it.
Make sure to practice security measures when we are taking our devices with us. Be aware of your surroundings and keep your devices locked up when not needed. Enable remote wipe function and consider the “find your device”-option if you feel like being safe and sound about losing it.
If your device does become lost or stolen, contact security immediately. They can take steps to keep the data more secure.

Data Interception
By default some of the ways that our phone communicates may not be extremely secure. Texts that we send, websites that we visit, or even apps that we use on our phone may have their data monitored and captured. Don’t enable information sharing between apps, such as the requests they make when asking for album, phone, camera or GPS permissions. Validate why and if it’s needed before taking action.
Ask your security what steps are being taken to keep your mobile device communications secure. Be aware of the data you are sending and think twice before sending sensitive data.

Keeping devices “clean”
Viruses do exist for phones and tablets just like they exist for computers. Applications and downloads that we put on our devices have permission to read files and data that we store on our phone, potentially sending that data to third parties. Be careful what you choose to download on these devices and always look at what permissions you are giving to apps on your phone when you tell them they can run.

Anyone can infect devices with malicious software or programs that could affect your computers and spread to the network.
Best practice is to avoid using these devices at work unless permission is given by the security team. it is always better to leave your personal devices at home and not connect them to your work computer. Viruses and worms can more very easily between devices. The more devices you have and connect, the more risk you have of compromising your computer and network.

The dangers of “bringing your own device”

Bringing your own device is a known protocol some companies offer. This allows workers to bring their own laptop or phone to do things more efficiently

Many different types of devices
With the multitude of different devices available, it would be nearly impossible for the security team to set policies and rules for all of them. The more types of devices that are allowed at work, the greater the risk of a threat specific to a certain type of device sneaking through.

Complex questions involved
Who is responsible if a personal device is damaged during work? Should an individual be allowed to install personal applications since the device is being used for work? These are just some of the many complex questions which needed to be addresses with “bringing your own device”

Privacy concerns
In order for the security team to effectively manage a device on the network, they may need to install special security settings or software. While necessary for work devices, this may cause privacy concerns as this could allow the security team to monitor our activities even when at home.