We offer some quick and simple advice to help you keep mobile devices safe and secure
Mobile phones, tablets, and other mobile devices are tempting targets for cyber criminals. That’s because these handy miniaturised computers often contain valuable data and they may also be able to access such valuable data stored on charities’ office computers or in the cloud.
What’s different about mobile devices compared to desktop computers is that while cyber criminals generally have to hack into desktops over the internet, they have the opportunity to physically get their hands on mobile devices that have been stolen or lost.
A mobile device that does not lock automatically after a short period of inactivity can easily be plundered by anyone who finds or steals it. That’s why the most important mobile device security measure is to ensure that it is configured to lock automatically so that it can’t be accessed without providing a password, PIN, or a biometric such as a fingerprint or face scan.
Devices running iOS can also be configured to erase all data after ten failed unlocking attempts, making it far harder for anyone to unlock the device by making random password or PIN guesses.
This is important for two reasons. First, operating system updates often include fixes to known security problems, such as flaws which allow hackers to access confidential information by sending a specially crafted text message to the device.
Second, updates also introduce new security features. For example, all versions of Apple’s iOS from version 8 onwards automatically encrypt all data stored on a mobile device when it locked. (On modern Android devices, encryption is not activated by default but can be switched on.)
But jailbreaking and rooting also removes many of the security measures that the operating systems provide, leaving them more vulnerable to hackers. So ensure that you avoid taking that step.
If a mobile device is lost or stolen, then it is good security practice to lock it remotely (in case it was stolen or lost while unlocked). If the device is not recovered within a very short period of time then a remote erase command should be sent to it to minimise the chances that its contents will ever be accessed.
One way that cyber criminals get access to mobile devices is by adding malware to otherwise legitimate apps, or writing their own apps (such as games) and including malware. They then wait for victims to install this software.
The built-in malware may be able to steal passwords or extract data from the device, and that means it’s important for Android device users only to download apps from trusted sources such as Google’s Play store.
For iOS users as well as Android users it is sensible only to download apps from well-known authors, because downloading apps from Apple’s App Store or Google Play Store does not alone guarantee that they are free of malware.
The nature of mobile devices is that they can be used away from the office or home network, but relying on public Wi-Fi access points can be a significant security risk. This can be mitigated by using a VPN when connecting over public Wi-Fi.
Both iOS and Android have VPN software built in, but this needs to be configured before it can be used. Both Apple’s App Store and Google’s Play Store also offer VPN apps that are tied to specific VPN services.
Cyber criminals can attempt to hack a mobile device when they are in close proximity by taking advantage of security flaws in the device’s Bluetooth capabilities (a process known as Bluejacking).
The easiest way to counter this is to turn Bluetooth off, although this may not be convenient if it is being used to connect to a Bluetooth headset, keyboard, or smartwatch.
If the advice above about not jailbreaking or rooting mobile devices is followed, and apps are only downloaded from Google’s or Apple’s app repositories, then it is extremely unlikely that malware will get on to mobile devices, according to the National Computer Security Centre (NCSC).
But some endpoint security products for mobile devices also offer additional security features such as VPNs, the ability to lock down sensitive documents or apps with PINs, or even features which take a photograph of the user when they try and fail to unlock a device. Although not essential, some charities may decide that this is a worthwhile additional security measure.