Threat Intelligence Blog

Posted October 15, 2013

There have been numerous articles written about security vulnerabilities in mobile devices and the potential for hackers to steal data from those devices. However, one of the easiest ways to keep information stored on a mobile device safe is to keep the device physically secure. Data breaches can occur if a device is lost or stolen. Fortunately, there are some easy ways to keep mobile devices physically secure, and to make it harder for the data to be stolen should they fall into the wrong hands.

1. Never leave your mobile device unattended.

This is the easiest and most important way to keep a device secure. Even if you only plan to be away from your device for less than a minute, that is still plenty of time for an opportunistic thief to run off with it. If you are in a public place, it is best to take small devices such as smartphones into the restroom with you by keeping it in your purse or pocket. If you have a desk at an office, keep devices in a locked drawer.

2. Be inconspicuous with your device.

This is especially true if you have a newly released or fairly expensive device. You never know who may be watching you in a public place. Pulling out your smartphone to check the time is acceptable, but extended use of any device could make it attractive to thieves. If you do need to check something on a device, be aware of any prying eyes that may be able to see the device’s screen.

3. Label your device in case it is lost.

Consider putting a recognizable sticker or other type of label with your name or contact information on your device so anyone who finds it can return it. A label allows someone to find out who owns the device, even if the battery dies.

4. Set the screen timeout to a short period of time.

A lengthy screen timeout time (or no timeout at all) allows others to pick up the device and use it if the device is either lost or away from its user for a period of time. This can also prevent inadvertent or accidental loss of data, such as if children find the device and assume it is a toy.

 5. Use passwords to unlock your device or any important documents.

Passwords, passcodes, and PINs for devices are generally simple and effective. For PINs, use a code that is four digits or longer, and avoid repeating digits. There are some devices that allow users to set unlock patterns that function like a PIN. If you choose to use a pattern, make sure no one can see your screen before using the pattern. Additionally, Indiana University’s Technology Services division warns that smudges on the face of your device may reveal your pattern to unauthorized users.

6. Do not use the “auto-fill” feature for passwords.

The “auto-fill” feature may save you time for passwords, but will nullify any password protection you may have should an unauthorized user pick up your device.

7. Delete any documents you no longer need.

If you are no longer using a document, especially if it is sensitive, you should delete it from your device. No one can steal a document that is not there. Keep only the documents that you really need.

8. Back up important files.

This applies to any important files, not just ones on mobile devices. However, mobile devices have a higher risk of loss or damage than desktop or laptop computers due to their size.

9. Consider a lock or alarm if sensitive data is on your device.

If it is absolutely necessary for you to store sensitive data on your device, there are physical devices such as cable locks that can deter theft. Users can also install tracking software, such as Prey for Android devices and Find My iPhone or Undercover for Apple products. These programs can track or locate lost or stolen devices in real time.

10. Enable remote device wipe/remote recovery.

If your device is corporate-issued and it is lost or stolen, immediately contact your IT department so they can begin remote recovery,and lock down the device. If it is your personal device and you have remote recovery services from your provider or device manufacturer, follow that procedure immediately. Some programs, such as Find my iPhone, allow you to do a remote wipe yourself. If you do not have any recovery or wipe mechanisms, contact your service provider so they can at least immobilize the device. If you have remote device wipe enabled, make sure you back up your files regularly.

Additional Posts

Bakken Shale Boom Creates Security Challenges for Energy Industry

The continuing boom in the shale gas industry has created new opportunities as well as new security ...

Bitsquatting Explained in 900 Words or Less: Part III

In Tuesday's blog post we discussed what bitsquatting is and how it happens. But how can ...