Mobile Device Security

Keith is the Chief Information Security Officer (CISO) and Head of Global Infrastructure Services at Universal Weather and Aviation, a billion-dollar international aviation services company that operates 50 locations in 20 countries.  Keith frequently speaks on various cybersecurity topics.  Keith holds a MS in Computer Systems and a BS in Mechanical Engineering.

So you got the latest Smartphone or Tablet for the Holidays…

What should you know about securing it?

  • Your mobile devices can be bigger risks than your PC.
    • Keep your operating system patched.
    • Keep your applications “apps” updated.
    • Do not trust unsolicited applications
    • Do not use “cheats” to get extra features, not from an approved vendor.
  • Mobile devices are easily lost or stolen.
  • The data on these devices is private and you don’t want to share it unknowingly.

Ensure all devices require a passcode or other authentication to unlock.

  • Be aware of the limits and benefits of biometric sensors.
  • Use two-factor authentication where possible
  • Do not share your access code
  • Look into remote disabling and wiping features.
    • This may be offered by your cellular network provider.
    • It may also require you to enable those features on the phone.
    • There are also third-party tools that you can use to control, monitor, and even track your devices.
    • Remember this will turn your device into a brick

One of the biggest risks to mobile devices is malicious applications.

  • Only download software from trusted sources.
    • Android App Store
    • Apple App Store
    • Verified 3rd party App Stores
    • Make sure you understand the permissions each application requires.
  • In Android
    • You may have to temporarily allow installs from “Unknown Sources.”
    • This is the case for Amazon applications
    • Make sure to disable “Unknown Sources” as soon as you are finished installing or updating the software.

Mobile Devices are susceptible to viruses, and other malicious hacker assaults.

  • Anti-virus tools can help protect your mobile devices
  • Cellular Network Providers offer these tools as a part of their services.
  • Many PC/Mac based anti-virus systems offer an option for mobile devices as well.
  • Apple does not offer at this time an anti-virus application for iOS devices.

 

Protect your self by protecting your electronic data stored on your mobile device.

  • Do not access sensitive data or conduct sensitive transactions.
  • Even a secure device can be accessed over public Wi-Fi networks.
  • Attackers can hide and intercept traffic in any public area like your local coffee shop.
  • Bluetooth, WiFi, and Cellular are all “networks” where your data is sent through the air.
  • Air is not a “safe” or “protected” medium.
  • When accessing financial applications on mobile devices
    • Do not select the “Remember my password” option.
    • Do not perform tasks that require you to “send” account information.
  • Where possible encrypt any data that is sent from your device or is stored on your device.
  • Encrypt the hard drive of your mobile device.
    • Apple iOS does this by default.  (It can be cracked.)
    • It is Optional on Android and Windows devices.
    • In Android: Go to Settings >> Security >> Encryption >> Encrypt.

Remember:  If it’s on your device and your device is “On”, your data and personal information is vulnerable.