Mobile device security guide

Published Apr 12, 2023 by Xiph

Mobile devices have a much bigger attack surface than desktops, making them a more significant threat to corporate security. That’s because smartphones, laptops, and tablets are a treasure trove of information. We also use them for personal purposes like doing our online banking, shopping, and sharing personal photos – making them an attractive target to cyber criminals and a double whammy for users. That’s why it’s important to properly secure them.

What mobile device security is

What is mobile device security?

Mobile device security in the cyber world is designed to protect sensitive data and assets stored on and transmitted by mobile devices such as smartphones, laptops, tablets, and even wearables, as well as the network connection to those devices.

Securing mobile devices requires a multi-layered approach, and while each strategy will be unique to specific business or personal needs, mobile device security comprises universally agreed components such as endpoint security, Virtual Private Networks (VPNs), secure web gateways, email security, etc. 

Read more: What’s a VPN & how does it work?

Why is mobile device security important?

Mobile device security is critical to corporate cyber security as mobile devices have a much bigger attack surface than desktops. From a business standpoint, mobile security protects enterprise data, applications, and systems stored on PCs and IoT devices remotely connected to a business network. Mobile device security must account for all the locations and uses that employees require while connected to a company network, and must account for the possibility of an employee losing a mobile device or the device being stolen. Conversely, as more companies embrace bring-your-own-device (BYOD) policies, it opens them up to attacks should unsecured devices connect to corporate servers and sensitive databases.

From a personal standpoint, smartphones and computers have become a mainstay in our everyday lives. But many underestimate the value portable devices hold, including emails, texts, contact lists, and even passwords. This information needs to be protected at all costs. 

Mobile device security threats

Here are the most common mobile device security threats:

  • Malicious or intrusive mobile apps 
  • Phishing scams
  • Poor encryption or broken cryptography
  • Data leakages
  • Spyware
  • Network spoofing
  • Connecting to unsecured Wi-Fi networks (i.e. man-in-the-middle attacks)

All these threats fall within the category of web-based threats, but there are also physical threats like if your devices are stolen, damaged, or impacted by a natural disaster.

11 ways to properly secure your mobile devices

Mobile device security threats are always evolving, but there are some tried and tested ways to mitigate risks.

VPN: Always use a VPN when connecting to a corporate network from a remote location or when using public Wi-Fi. This encrypts your internet traffic and shields your internet connection and location. Organisations can use Always On VPN alternatives that automatically connect the client and VPN upon sign-in. Plenty of third-party services are set up specifically for protecting corporate traffic from a mobile device to the internal network.

Encryption: Ensure all your mobile devices have their built-in encryption turned on in the settings and security section. Most computer operating systems (i.e. Windows 10, macOS, Linux) and mobile operating systems (i.e. iOS, Android) support Device Encryption.

Multi-factor authentication (MFA): Use MFA or two-factor authentication (2FA) on all your devices when possible. This requires a second or multiple methods of authentication when signing into devices, or logging into certain apps or websites. Additional authentication methods include biometric features, push notifications to another device, text messages, etc.

Secure gateways: A secure gateway sits between users and the Internet to enforce consistent internet and data security, and compliance for all users regardless of their location or devices used. It protects network connections and keeps unauthorised traffic out of your organisation's network.

Email security: Phishing is one of the common threats to organisations, so beef up your email security to monitor email traffic properly. This should help prevent or reduce the likelihood of email-based cyber threats such as malware, spoofing, identity theft, and other social engineering scams. Adequate email protection includes antivirus, antispam, image control, and content control services.

Vulnerability scanning: Use automated tools and penetration scanners to identify vulnerabilities in endpoints. Other endpoint security solutions include antivirus software, web filtering, application/patch management, endpoint encryption, and management, etc.

Auditing and device control: Track internet and media usage remotely and install remote wiping capabilities and tracking services on all laptops and tablets. This will ensure that whenever a mobile device is stolen or lost, the business can protect the lost data by remotely wiping the device or blocking access to it. Every business should have a BYOD policy with a strict remote lock and data wipe requirement.

Use a Faraday sleeve: Secure your mobile phone, laptop, and other portable electronic devices in a signal-proof Faraday bag or sleeve to shield them from wireless technologies and prevent hacking or tracking. This is particularly important if you travel overseas for work.

Backups: Set up automatic data backups for all your mobile devices, and cloud-based apps and services This will ensure you can get back your business information, contacts, and any relevant data should any devices be compromised or lost.

Updated software: Set up automatic updates for the latest security patches on your firmware and devices. Major mobile services providers like Google’s Android and Apple’s iOS roll out new updates every few months.

Mobile device management (MDM): This is a set of policies and technologies that control the configuration, monitoring, and management of your employees’ personal devices, such as phones, tablets, and laptops. Mobile Application Management (MAM) oversees the management of applications on mobile devices.

A final word

The mobile threat landscape is always evolving, which means organisations and IT teams need to always account for more vulnerabilities and update their security requirements accordingly. A strong mobile device security policy will go a long way to keeping your business safe from threats. For more information, contact us via email: [email protected].

Posted in: Security

Get In Touch