Mobile & Wireless Device Security
Mobile computing devices: smartphones, iPods, tablet devices, etc. are also susceptible to attacks and data loss. Here are a few thoughts on securing them:
- Procure and manage your apps wisely. At the moment, AndroidTM devices pose an elevated risk. Here is a checklist of six good practices for apps: (+expand)
- Be aware that there is malware (viruses, etc.) for apps. These could do the same sorts of things that PC/Mac/Linux malware can do.
- Before you install any other apps, install a security system on your mobile device. This will reduce the chance of malware (virus) infection. If you are unsure about what to use, ask your carrier or device manufacturer.
- Purchase/procure apps from well-known publishers, such as the apple store, google (Play Store) or BlackBerry world. If you don't you may subject yourself to malware and shady business practices (i.e. regarding returns).
- Do your homework and research the app, including ratings, to ensure it does what you expect and you are aware of shortcomings. Check with your friends/family about their success with a particular app.
- If purchasing a security vault (password storage) app, be extra careful in your publisher and with research. Your keys to the kingdom will be stored there!
- Be careful when installing the app. At that time you are configuring it and defining permissions, including location, GPS, contacts and camera. Consider the purpose of the app when deciding if it needs access to a resource.
- When you are finished with your mobile device, before you dispose of it, make sure you wipe it completely to remove any Personally Identifiable Information (PII).
- Make sure you keep physical control of your mobile device. Mobile devices are inherently small and can easily grow legs.
- Make sure you have set a strong password on your device.
- Consider using special services to wipe your device remotely if it is lost or stolen.
- Keep software up to date (patched).
- Set an idle timeout that will automatically lock the device when not in use.
- If your device supports it, ensure that it encrypts its storage with hardware encryption.
If you're setting up your own WiFi network, make sure you take the following security steps:
- Change your SSID name from the default but don't make it an easy target.
- Change the default password and username for your administrative user. Make sure to use a strong password.
- Use the WPA2 (Wi-fi Protected Access 2) protocol. It is more secure than WPA, WEP (or NO encryption).
- Use a password on your network, keep your password secure and change it often.
- Limit the range of your Wi-Fi signals to reduce war driving and unwanted access.
- Use MAC address filtering to deny requests from unwanted clients.
- Turn off the network during periods of non-use (vacation, etc.).