Keeping a mobile phone safe is a daunting task in a robust threat landscape that includes snooping governments, data leaks, user loss, theft and Wi-Fi surveillance, but there are some smartphone security settings that can help.
Operating systems such as iOS, Android and Windows Phone offer plenty of basic smartphone security settings. Some companies can use these features alone without spending an extra cent on more sophisticated enterprise mobility management (EMM) tools.
Setting up passcodes
Password locking and device encryption are the first smartphone security settings users should enable, and they come standard with many mobile OSes. Requiring a basic four-digit PIN code lock is better than nothing, but increasing the password to six or eight characters and adding letters can enhance device security significantly.
To enable a passcode in iOS 7, users should go to Settings > General > and slide Simple Passcode to off. Enabling a passcode automatically encrypts the device's storage. On the iPhone 5s, Touch ID lets users unlock their phone with a fingerprint, which makes the task less of a chore.
Windows Phone 8 users should go to Settings > Lock Screen > Password. Note that setting a password in Windows Phone 8 doesn't encrypt the device memory. BitLocker encryption must be enabled through Exchange ActiveSync policy, so it will only benefit organizations with an Exchange server. The Windows Phone 8 OS does not encrypt removable media such as a micro SD card.
To set up a passcode in Android Jelly Bean, direct users to Settings > Security > Screen Lock > Password. Enabling internal device encryption requires an additional step. Users should go to Settings > Security > Encryption to set it up. The Android OS can apply a passcode to the SIM card as well, which prevents the SIM card from being used in another phone without the code. But users should exercise caution when enabling a SIM card passcode because the card may have a default, carrier-set PIN. Applying another PIN could disable the SIM card.
There are also networking-related smartphone security settings. Windows Phone 8 and Android support Near Field Communication (NFC), which lets data transmit from one device to another at close range -- about 8 inches. NFC isn't very secure, but the applications that use the technology may add their own security layer. If users don't need to use NFC, have them disable it to reduce the attack surface.
In Android Jelly Bean, users should go to Settings > More… > NFC and uncheck the box. In Windows Phone 8, NFC is off by default, but workers who have it on should go to Settings > Tap and Send > NFC Sharing and move the slider to off.
Apple added a feature in iOS 7 called AirDrop that allows data exchanges between iOS devices via Bluetooth and Wi-Fi. AirDrop can be set to Off, Contacts Only or Everyone. Asking users to limit their AirDrop communication to people they know as opposed to any capable device can enhance security.
Eavesdropping on Wi-Fi networks, particularly public ones, poses enough of a risk to warrant tighter device security. Though it can be annoying for employees, using the built-in virtual private network (VPN) client included on many mobile phones can encrypt the data being passed across an unsecured connection. Some EMM products such as AirWatch and Citrix's XenMobile provide users with Internet browsers that securely tunnel traffic via the organization's Internet connection, which can decrease the tedium of having to establish and reestablish a connection and enter credentials to access the VPN. Many EMM tools also offer application-level VPNs that switch on every time the secure application is transmitting or receiving data.
Many users like being able to access their data files from anywhere, which leads them to cloud-based storage. Adding an extra layer of protection to that access is wise. Mobile apps from Dropbox and Box, for example, allow users to set a four-digit passcode to access the application. Dropbox erases the app data after 10 failed password attempts.
Backing up an iPhone to a PC or Mac running iTunes can transfer personal and organizational data to the desktop. By default, these backup files are not secured, so users should confirm that Encrypt iPhone Backups is checked in iTunes.
The average life of a mobile phone is less than two years. Remind employees that erasing a device before reselling it or giving it away is an important step in keeping data safe.
In iOS 7, users should go to Settings > Reset > Erase All Content and Settings. Android Jelly Bean users should go to Settings > Privacy > Factory Data Reset, and in Windows Phone 8 workers can go to Settings > About > Reset Your Phone.
For the OSes that support removable storage, factory resetting the phone will not reset the removable media, even if it is in the phone during the reset. SD cards should be removed prior to disposal of the smartphone.
To ensure that data can't be recovered by more advanced methods even after a reset, users should encrypt the internal storage of their smartphones before ever putting any personal or work data on them. If the deleted data is somehow recovered, it will be much more difficult to decrypt and use.