The Do’s and Don’ts of Securing Your Portable Devices
Portable devices contain sensitive and private information that needs to be safeguarded to protect the safety and security of organisations, clients, and employees. That is why, on top of standard security measures, it is important to secure all devices such as mobile phones and laptops, both commercial and private, to maintain security protocols and reduce the attack surface.
Here are some do’s and don’ts on how to secure your portable devices!
Create Strong Passwords for Portable Devices
To make passwords harder for a hacker to decipher, ensure that each new password uses more than 8 characters, includes numbers, and incorporates special characters. Do not use words found in the dictionary. Instead, use a combination of random letters, numbers, and characters where possible.
Use different passwords for each account and login. That way, if a passcode is cracked, only one account will be immediately compromised.
Change passwords every 45 days, and do not recycle old passwords.
Use Two-Factor or Multi-Factor Authentication on all Portable Devices
Wherever possible, make sure to use two-factor authentication, especially with regard to social media company accounts. That way, you will be notified immediately when a login is made from another device.
To avoid a breach of sensitive information, verify that two-factor authentication is maintained on all private and corporate portable devices. With an increase in remote working, this will also ensure that employees can access corporate systems safely and that company data is not put at further risk.
Two-factor authentication not only lowers insider threat risks; with identity theft on the rise, it also helps clients and companies maintain business relationships by certifying that people are speaking with the intended recipients and not a fraudster.
Keep Portable Devices Locked
Put a lock screen password in place, following the same password criteria as mentioned before. Lock your screen when the device is not in use to prevent those around you from accessing or viewing private information. For more advice regarding reducing insider threats, read our blog, ‘What Keeps You Awake at Night? Third Parties, Insider Threats, or Nation State Actors? Survey Results Explored’.
Customize advanced device privacy and browser settings to make them more secure. For instance, block auto cookie and location tracking, block auto file download, disable auto-run of Flash, and so on.
On mobile phones, measures like closing apps and turning off Bluetooth when not in use will also aid your security. Review your settings to reduce the attack surface.
Devices, and the applications on them, are more susceptible to attacks when systems are not updated. Often, they have bugs or security gaps, which can be handled by making sure that systems are updated. Maintain your antivirus and regularly check for updates.
Before updating, however, make sure that a pop-up is valid, and not a false link leading to malware.
Check accounts regularly to ensure that no changes have been made without your knowledge. Staying on top of accounts, and knowing what data is held in each, will make spotting an attack easier.
Don’t Install Apps From Third Party Portals
Download apps only from official app stores. Downloading apps from other places, including third-party app stores, easily opens the way to malware. Once a smartphone, tablet or laptop is infected with malicious software, it is easy for hackers to take control of the device and gain access to private and personal information, including passwords, contacts, and financial accounts.
With reference to finance, apps surrounding investment have grown substantially in 2020. This, in part, is a good thing, as the ability to invest online is quick and easy, and accessible to all. But due to the demand, many of these apps were developed quickly and are underprepared for cyber-attacks.
Many do not provide two-factor authentication, are not supported by the appropriate regulations, are not patched or maintained properly, and do not have contingency plans in place to mitigate the effects of a cyber-attack. As a result, personal information of app users is relatively easy to steal and sell. This can be done by creating duplicate fraudulent apps to trick the user. On these duplicate apps, the imagery and language of the genuine app are mirrored. And, once the personal information is supplied, both real and virtual money is then accessible. Thus, the circle of ransomware ensues. For more on this specific threat to the financial industry, read our blog here.
Don’t Use Open Wi-Fi Networks
If necessary, use a VPN connection to encrypt data while using open Wi-Fi. While using personal devices to access work accounts, make sure to use a secure connection. Your personal device is more susceptible to hacking than your work device.
For the majority, VPNs are being used by remote workers across most organisations. These are crucial and form a level of protection for remote worker devices. The major issue here, however, is that most organisations were in such a rush to put plans in place for their teams to work remotely that these VPNs did not, and still have not, passed the normal quality checks that you would expect. Some of these VPN connections were only initially meant for staff to dial into and were not intended for mass users. Now that everybody is using them, systems are under extreme pressure. To learn about how to remediate this issue, read our blog on ‘How the Developing Threat Landscape is Changing Business for Good’.
When in Doubt, Call Out
If you suspect that the security of your work device or data has been compromised, inform your cyber security team or your manager immediately. Talk to one of our experts on how to protect your portable devices and networks.