Security Awareness Training

Lesson 7 | Securing Your Phone


The Importance of Mobile Security

The third and last plane you need to secure is your phone. Regardless of the type of phone you have, if it is a smartphone then it is a highly powerful computer capable of real work. It is also a highly powerful tracker of your activities and an access point into your private and professional digital world.

While a phone is very similar to a laptop computer, best practices for securing it are different and more extensive. In this lesson, we provide high-level guidance on securing your phone with links to more detailed settings you can optionally choose to evaluate.

  • Passcode protected (+ biometric). Your phone should be passcode protected, at the very least. Choose a passcode that is hard to guess (not your birthday or 1234546). Rotate your passcode on some cadence (every 6 months is good). And, if your phone has biometric capabilities like facial recognition or fingerprint, use these for added security.
  • Location services. One of the most exploited features and tracking capabilities of smartphones is location services. Apps can log locations when you log in or interact. Locations are often attached to your photos and videos. As a rule, you should limit location services to apps that need them (like weather or maps), and even then only allow apps to use location services when the app is running and not at all times.
  • App permissions. More generally than location services, you should pay attention to the permissions and access levels that you grant apps. While this has gotten better over the last few years, many apps still ask for the maximum permissions they think they can get.
  • Use 2FA or use SMS. This is not a phone security setting per se, but your phone is a good second or third factor for authentication. You can download authenticator apps or use SMS as a second factor. Neither is perfect, from a security perspective, but both reduce the risk to your accounts and identity significantly.
  • Incoming remote connections. Some smartphones offer connections to devices that are nearby. You should limit these connections, or not allow them at all. If you do allow them, you should only allow them from your known contacts.
  • Personal Hotspots. Many phones, with carrier permission, can be used as personal hotspots to allow internet connections through the phone's access to cellular data. If your phone can be used as a hotspot, you should default to leaving the hotspot off until you need it. And, when it is on, you should explicitly grant access to each device that connects.
  • Ask to connect to wifi. Wifi networks are everywhere. And, as you move around with your phone, you can connect to these networks. Some networks are not secure. And some are malicious in intent and try to use the network to gain access to connected devices. At the very least, you should not connect to wifi networks by default.
  • Unused apps. If you do not use an app that you have installed on your phone, you should delete it.
  • Update apps and OS. As with your computer, you should update your mobile operating system and apps in a timely manner.

For more detailed guides on securing your mobile device, try the following: Android and iOS.

Your phone is powerful. Protect it to protect yourself.