Mobile Security

1. Ensure that devices do not use unsecured Wi-Fi networks to connect to the corporate network through public Wi-Fi hotspots. If necessary, use a VPN (Virtual Private Network) to secure your internet connection.
2. Segregate the network used by personal devices from the corporate network and critical business data.
3. Safeguard the corporate network with role-based device usage permissions and customizable access to corporate accounts. Where remote access is granted, require two factor authentification to connect to the corporate network.
4. Prevent downloading unapproved apps from unreliable third-party sources and only allow downloads from trusted sources, such as a corporate store, the iOS App store, or Google Play.
5. Detect and report high risk and non compliant devices Easily discover jail-broken and rooted devices within your organization’s network.
6. In case of loss/theft, educate employees to report it quickly and have employees to geographically locate the device and wipe its data to ensure corporate data safety.
7. Get employees to understand the dangers of “phishing” emails with links, “spearphish” personalized emails, or other dangerous e-mails sent to employees.
8. Verify all phone calls before taking action that could expose network to hackers.
9. Use Strong Passwords and Biometrics Ensure devices are protected with a strong password, PIN, or biometric authentication like fingerprint or facial recognition. This adds an additional layer of security to prevent unauthorized access.
   10. Enable Two-Factor Authentication (2FA) Use 2FA for your accounts to add an extra step in the login process. This usually involves receiving a code on your mobile device that you must enter along with your password.
   11. Keep Software Updated Insure that all device’s operating system and applications are regularly updated to the latest versions. These updates often include security patches that fix vulnerabilities.
   12. Install Security Software Use reputable mobile security software that provides features like malware protection, anti-theft, and secure browsing.
   13. Be Cautious with Apps: Download apps only from trusted sources like the Google Play Store or Apple App Store. Be wary of app permissions and avoid granting access to sensitive information unless absolutely necessary.
   14. Use Encryption  Enable encryption on your device to protect your data in case the device is lost or stolen. Most modern devices offer built-in encryption features.
   15. Regularly Backup Data Ensure you have regular backups of your data either on the cloud or an external storage device. This helps in data recovery in case of a device loss or failure.
   16. Be Aware of Phishing Be cautious of emails, messages, or links from unknown sources. Phishing attacks often use these methods to trick users into revealing personal information.
   17. Remote Wipe Capability Ensure your device is set up with a remote wipe capability, which allows you to erase all data on your device if it is lost or stolen.

Implementation Tips
 • Training and Awareness: Educate users on the importance of mobile security and how to recognize potential threats.
 • Regular Audits: Conduct regular security audits and vulnerability assessments to identify and address potential security gaps.
 • Policy Enforcement: Implement and enforce mobile security policies in your organization to ensure compliance and protection.

The list above is a starting point. Threats keep changing and ETMA members will expand its coverage of security as well.