Phone Security


The most important thing to understand about security is that it is only as good as your weakest link. And outside of gullible people, by far the weakest link in terms of security is the cell phone right next to you. This device is just INSANELY insecure. Think of it like a wide open personal computer you carry around in your pocket, with access to all your important emails, passwords, and account information, that you frequently use on totally unsecured WiFi networks when you go out for a latte.

Everyone has a cell phone and nobody thinks about securing them until they lose it.

Here is a quick summary of the basic advice that I go into in more detail. Make sure to use secure logins for all phones that have access to your company email, network and data. Make sure they run all updates and have software to enable their location in case they get misplaced, and if they hold important documents, be sure to encrypt their data. Always put them to sleep when you're not using them. Leaving your laptop on while you get a coffee is just as risky as leaving your phone; anyone can get into your banking, credit, and email in less than a minute. Ideally, encrypt all your devices. It’s far more important to protect your data than it is to physically protect the device. So if you’ve got a nice case on that phone, use a secure login, too.

To do this right, you must have a security policy that makes sense. This means do not give access to important information to people who do not require it. If you store critical information, do not provide access to it to anyone who does not need it under any circumstances. KEEP IT SEPARATE. I know it sounds convenient to put everything “up in the cloud” but just don’t do it with critical data, e.g. credit card numbers, banking information. Compartmentalize your important data carefully. Keep backups in a secure location and don’t share password access with anyone but those you trust to maintain their own security as well as your own.

Think about what this means for a moment… it is not trivial. If you have an employee who forwards their email to an insecure machine then you are wide open. What if their iCloud backup service is hacked? Did you send a text message with password information? Take a picture of your logins and passwords? It goes on and on. The only way to ensure complete security is to lock the unplugged machine up in a Faraday cage, which is not a good idea either. So organize your data so that ‘when’, not ‘if’, it gets hacked you can handle the situation well.


Use a Lock Screen

It is utterly insane not to have a secured lock screen on your phone. The implications of losing your phone are far worse than losing your wallet. Your phone not only provides access to your contacts, your emails, and banking apps but also your shared browser passwords and, more importantly, validation for password changes via two-factor authentication. This means that if anyone gains access to your phone even for a few minutes they can “OWN” you. Banking, credit cards, Bitcoin accounts, you name it. They can take over your life and run it into the ground. It is vitally important to understand that using a lock screen does not protect you when your phone is stolen. All it does is buy you time to change your passwords. A determined individual can still access all the information on your system. If security is vitally important, I suggest that in addition to a lock screen you consider encrypting your phone data too. See below.

Keep Your Phone Updated

No matter what operating system your phone is running (iOS, Android or even Windows), make sure to run the latest updates. Many of the incremental updates include security patches based on known exploits found in the wild.

Install Find My Phone Type Apps

This is not so much about protecting your phone from being hacked as simply finding it when you’ve misplaced it. There are a number of excellent apps out there for locating a lost phone. iOS has an excellent app called Find My iPhone, and this feature is baked right in to Android and Windows phones; you just need to enable it.

Use Antivirus

Apple phones have a strict control system but Androids do not, so if you are running Android I recommend you only install ‘safe’ apps (which means investigate ANYTHING you install before you install it). Also use an antivirus program on your device even if it is running the latest version of iOS.

Encryption

Encryption stores your phone’s data in an unreadable form. Most Android phones ship with encryption turned on by default. It is mildly inconvenient; however, anyone with sensitive business or company data on their phone will want to use encryption (with a secured lock screen) to help protect their data.

Beware the Backup…

Remember all those photos of those famous people making the rounds a couple of years ago? That was because Apple’s iCloud backup services provided a nice hackable resource of photos, videos, device settings, app data (which could include banking info, FYI…), iMessage, SMS, MMS, and voicemail. Convenient, but not good from a security standpoint.

Going Overboard

SIM Locks

Seriously inconvenient and annoying… so I don’t recommend them. If you use one, you won’t be able to make a call without entering a password. Not worth it. Just make sure the phone goes to sleep and requires a password.