Mobile Device Security Best Practices – CompTIA A+ 220-802: 3.3

Our mobile devices are easily lost or left unattended, and we need the best possible security to protect our private information. In this video, you’ll learn about passcode locks, remote wipe functionality, remote backup, antivirus, and patching of remote devices.

<< Previous Video: Configuring Email on Mobile DevicesNext: Comparing Tablets and Laptops >>

Our mobile devices have some significant security risks. They’re mobile, so we take them everywhere. And they’re small, so they’re very easy to lose or misplace. And we keep such private and confidential information on these mobile devices. And we also need to think about how we secure them as well.

A good security best practice for our mobile devices is to configure a pass code lock. That way, when we leave our phone somewhere and someone picks it up, they would not be able to gain access to the data unless they knew that passcode lock. You get to decide how complex you would like this pass phrase or this code to be. On some devices, you can do a simple four digit pin. On other devices, you may want to add a pass phrase. And still on other mobile devices, you move your finger around the screen in a certain pattern, and that’s what unlocks the device.

Another nice feature of these pass code locks is that there is a penalty for a certain number of failed attempts. For instance, in iOS, you can configure the phone to wait for 10 failed attempts. And after you have 10 of those in a row, the phone will delete everything on it. And that way even if you never regain access to the phone, you at least know that all of the data will be erased if somebody’s trying to hack into it. On an Android device, it’s configured to lock the device completely and you have to give your Google username and password, which of course should be a lot harder to guess than something like a passcode lock.

None of us like losing our mobile phones, but fortunately there’s some technology inside of the device itself that can help us get it back. And one of those is the built in Global Positioning System– the GPS. These devices will usually integrate with a map and give you an idea of where your phone might be located. There are also a number of location helpers, like Wi-Fi networks or triangulation of the mobile provider antennas that can help us get a little bit closer and put an icon right on a map that tells us here’s where your phone happens to be located.

Something that I’ll use even in my own home, is I’ll go to this map front end in my browser and tell it to play a sound. And my mobile device then rings very loudly. Even if it’s configured on mute, it will then make a noise so that I can figure out where it happens to be can also display a message on the screen as well.

And finally, you can tell the mobile device, I’m never going to find you. I have no idea where you are. Please nuke everything on the phone. Erase all of the data whatsoever. That way, even if I’m never able to find it, it will have none of my personal data on it.

Well, if we lose our phone and we have to delete everything, it would be nice to have a backup that we could then buy a new device and restore all of our data onto that. One of the challenges, of course, is that this is a wireless device that is constantly moving. And we’re always changing and updating the information that’s inside of that device.

One of the very common ways to then back up this data is to back it up to the cloud. There are services that are available on the internet that will back up our data and store it as we’re moving around throughout the day. This is a constant backup. We don’t have to push a button and tell it to back up. We don’t have to remember to back up this information. It is always being updated with what the latest information might be.

And it’s not using any wires. We don’t have to take it to a computer. We don’t have to plug it in. It’s simply backing up remotely all over those wireless networks that we’re using all the time. The advantage here is that if we lose our device and we have to buy a new device, we simply configure it with that cloud login. And it will then begin downloading all of our information. This may take quite a bit of time to finally download all of the things that we need, but we know that it’s all on the cloud, and we can at least get all of our information back, even if something was to happen to that mobile device.

With millions of mobile devices out there, the bad guys know that you have some pretty confidential and important information that you’re storing. And they’ve already created the malware to try to extract that information from your phone and put it into the hands of those bad guys. This is where the different philosophies between iOS and Android really shows some significant differences.

With iOS, it is a completely closed environment. Apple doesn’t allow you to put an application on a third party website and download that application and load it in your phone. This is a very closed environment. Everything goes into the Apple App Store and you can only download and run applications if Apple has approved those applications. Malware, therefore, has to find some other way in. They can try to sneak through the app store, but they’re probably not going to be able to do that. Instead, they’ve got to find some type of operating system vulnerability, and that’s much more difficult than trying to have somebody download an application from a website.

Obviously, one of the advantages of Android is that it’s a very open operating system. I can go to any website and download any application and run it on my Android device. Unfortunately, that means that I can download malware and run it on my Android device as well. It’s very easy for malware to find its way into the mobile device.

Fortunately, the applications run in what we can effectively think of as a sandbox. Applications don’t have complete access to everything in the operating system. They can’t access your contacts unless you allow that application to access your contacts. They can’t access your mail unless you tell the mobile device to allow that application to access your mail. So even though you may have downloaded and run the malware, at least we know that it can’t access things that we haven’t specifically given it permission to.

One way to keep the bad guys from using those vulnerabilities to get into your mobile device is to always have the latest operating system running on that mobile device. Just as you update the operating system and the capabilities of your desktop computer, you need to update the operating system and capabilities of your mobile devices as well. These updates maybe things like device update security patches, to make sure that all of the vulnerabilities are covered. Any time there is something identified as a security problem, the manufacturer will create a patch and allow you to update your operating system.

Maybe there’s new features and you want to take advantage of those new features. You’d have to update the OS to be able to use those. You don’t want to get behind on these. Once the bad guys know about a vulnerability, they will immediately try to take advantage of that. Because they know there will be a delay as people update their operating systems. So to avoid that, make sure that you’re always up to date when a new patch comes out. Make sure you load it as soon as possible onto your mobile device.