Imagine: you’re at a restaurant, and without realizing it, you left your phone in your car. No problem—it’s locked. When you walk out, you discover that the window of your car has been smashed and your phone is gone! The next day, you discover someone has accessed your email and forwarded several sensitive attachments to a Yahoo account. Now you have an even bigger problem. However, it doesn’t stop there. A few weeks later, your paycheck is late. It turns out that a hacker used a password from your mobile device to login and change your direct deposit information, so your paycheck was sent to a criminal.
The world is re-opening and people are again on-the-go. Whether you are traveling to a local restaurant or an exotic location, it’s important to keep your mobile devices safe. A recent survey found that 33% of mobile devices are lost or stolen when the user is on-the-go. In addition, criminals are targeting mobile phones 77% of the time, with laptops accounting for only 19% of mobile device thefts.
These days, mobile devices frequently contain both sensitive personal information as well as organizational data and access. In fact, Verizon’s 2021 Mobile Security Index Report found that nearly one in four companies experienced a mobile device-related compromise. Today’s savvy criminals know that your phone is more than an expensive gadget—it can be used to access your sensitive work data, bank accounts, and more.
As you venture out for work or pleasure, make sure to keep a close eye on your mobile devices. Don’t let criminals ruin your day. Here are easy tips to stay connected and protect your organization from the risks of mobile device theft when you are on-the-go.
Your First-Line of Defense – Restrict Access
- Use a strong PIN or passcode on every device. Best practices vary depending on what the device supports, but in general:
- Use a longer passcode (i.e., six instead of four digits).
- An alphanumeric code is even stronger
- Lock the screen on your device when it’s not in use.
- Don’t write down your passwords and take them with you – or store them with your device.
- Make sure your device is encrypted so that no one can access your data even if your device falls into the wrong hands.
- Many modern devices include built-in encryption by default. If you’re not sure that your device is encrypted, ask your IT team for help!
- Don’t share accounts that have access to sensitive information or resources with family or friends.
Verify That It’s You
- Take advantage of biometric options, which make it easy to keep your device and apps secure, even if they fall into the wrong hands.
- Familiar modern methods include facial and fingerprint recognition on phones, voice control in cars, mobile payments, and e-passports (check out our authentication blog for more details or check this blog for the latest trends).
- Multi-factor authentication (MFA) is an added layer of protection to verify it’s really you who is accessing your account and not a hacker. Most MFA programs ask for two out of three of the following factors:
- Something you know – such as a username or password
- Something you have – a physical token or authenticator app for example
- Something you are – such as a fingerprint or retinal scan
An attacker likely will have only one of these factors, such as a password. The extra MFA factor is a simple way to keep hackers out of your account.
- If MFA is an available setting for an app (for example, for a bank account or VPN), use it!
Physical Security
- Keep close track of your devices when traveling.
- Don’t leave devices on the seat of a car. This is one of the most common ways that electronic devices get stolen.
- Consider keeping your devices in a hotel room safe or other secure area if they will be unattended.
- Use a privacy screen (or privacy filter) to protect your laptop screen from prying eyes.
- These simple plastic covers make it impossible for anyone that is not sitting directly in front of the device to see the information on your screen.
Tips for Leadership
- Consider adding Mobile Device Management (MDM) software to your organization’s mobile devices: MDM enables your IT team to control, secure, and enforce policies on smartphones, laptops, and other mobile endpoints in order to protect your corporate systems. It also enables your organization to wipe device content remotely if a device is lost or stolen.
- Make sure everyone that is connecting to your enterprise systems has a minimum (baseline) level of security implemented on their mobile devices.
- Ask your team members to add a strong PIN, passcode or authentication method (such as their fingerprint) and a VPN for protected remote connections.
- Consider restricting access to files in the cloud so users cannot download sensitive information to unauthorized devices.
- Ensure that employees know to immediately report the loss or theft of any device that contains sensitive data.
As the world reopens, travel, dining out, even going into the office signal a welcome return to normalcy. If you take your device along with you, use these cybersecurity safety tips to proactively minimize your organization’s exposure to threats. That way, your time away from the office is more likely to be smooth sailing.
This blog is distributed with the permission of LMG Security.