Top Seven Tips for Improving Mobile Device Security

When I started out in this industry, one of the first things I learned about was Moore’s Law. Gordon Moore, co-founder of Intel, famously predicted in a 1965 paper that the number of components in integrated circuits would continue to double every year for “at least” the next ten years. His prediction turned out to be amazingly accurate. As a result, my wristwatch has more computing power and memory capacity than the computers that took entire rooms to house when I got into this business. Maybe that just means I’ve been doing this too long, but Moore’s Law got me thinking lately about the mobile devices that have become so ubiquitous in recent years.

As mobile devices have gained in popularity, so has the number of stories about data breaches. When an employee or executive’s laptop is stolen, so is the personal data or intellectual property saved on the device. Think about the amount of data (or sensitive e-mail) that might be on that same executive’s smartphone. Are you getting scared yet? I am. Some companies and individuals have taken steps to minimize the damage done when a laptop is stolen, but not nearly as much thought has been given to mobile devices.

Here are my Top Seven Tips for improving mobile device security. While some of these suggestions are similar to those you’ve gotten regarding laptops, as mobile devices continue to gain computing power, it’s equally important to secure these devices. (Note: Some of these tips may not yet be possible on all mobile devices.)

  1. Password/lock code. Put a password/lock code on the device and enable automatic locking when the device is idle. This is exactly like enabling the screensaver on your desktop or laptop machine to require a password to unlock, so that a random individual can’t access your machine while you’re away from it. Likewise, you should lock down your mobile device.  This one small step will at least slow down someone who happens upon a smart phone left lying on the backseat of a cab or left on a table at a restaurant.
  2. Remote wiping. All major mobile devices support remote wiping: a signal sent to the device triggers the phone’s software to delete any and all data (documents, e-mail, or address book) housed on the phone. When your phone is lost or stolen, wipe it.
  3. Encryption. Many organizations require full-disk encryption on their laptops, and the same should be required of other mobile devices.  Unfortunately, this is an area where I don’t yet see widespread availability of solutions for all major types of mobile devices. When it arrives, use it.
  4. Anti-virus software. As is the case with anti-virus software on laptops and desktops, this isn’t a silver bullet that will automatically make you secure. Anti-virus software is largely playing a “catch up” game in which it will not detect brand new (or often, polymorphic) malware. If there isn’t a signature or a heuristic for a piece of malware, the software won’t catch it, but when it does catch something, that is one less thing to worry about.
  5. Thin client. When and where possible, use the mobile device as a thin client. To access your data, connect back to the corporate network (where you can take advantage of the network’s additional protections, such as firewalls, proxies, and spam filtering) via a VPN. Or use your mobile device to access your applications in the cloud. While these mobile devices are quite powerful and complex, they’re still not as capable as our laptops, desktops, and servers.
  6. Don’t follow links. We’ve been fighting this battle in e-mail for a long time, and now with mobile devices, we need to extend this to links sent via SMS, IM, or social networking sites.
  7. Turn off GPS and data when not in use. Being “connected” 24/7 sounds great, but there is such a thing as providing too much information. While a number of new social media mavens have declared that privacy is dead (I hope they are wrong), do you really want your mobile device to tell the world (or even record in real time for the world) where you are at all times? Think how such data could be used against you by competitors, criminals, stalkers, and so forth. As an added bonus, turning off your GPS will greatly improve your battery life.

Beyond the theft of information, the physical theft of a smartphone can be devastating. A thief who wants access to the information on your phone can bypass the screen lock in no time (a “how to” guide to breaking into most any device can be found with a quick Internet search). In the time it takes you to recognize your phone is gone and wipe it, a thief who knows what he or she is doing can wreak a lot of havoc. While not exactly a tip, do yourself a favor and secure the smartphone itself.

What are your thoughts? Any tips that we can add to the list?
Jim Clausing, Technical Staff Principal Member, AT&T