Safety on mobile devices

How to secure mobiles and tablets so that information and data do not end up in the hands of unauthorized persons. Guidance, advice, and support for information security on mobile devices.

Checklist

Review the list below to ensure you are following best practices for safeguarding information security on your mobile device.

Note: This list is only tips and advice on how you can safeguard your information security on mobile devices, not guidelines.

Several of the points in the list are based on NSM's advice on security on mobile devices (in Norwegian only).

Generally

  • Activate touch/Face ID and PIN code
  • Turn on encryption on your device, including memory card
  • Turn on automatic update
  • Do not use unknown chargers/charging cables
  • Report if the device is lost or stolen
  • Separate work and private life

Network and transfer of data

  • Use mobile data instead of unknown wifi
  • Use VPN for all network traffic
  • Be careful when using Bluetooth and other data sharing, and turn it off when not in use
  • Prevent eavesdropping by disabling sharing services after use

Deletion and storage

  • Enable backup and remote storage option
  • Enable remote wipe option to be able to delete data if you lose your device
  • Make a backup and delete data when sending the device for repair

Applications

  • Think about which apps you install
  • Give your apps minimal access to microphone, camera and location data
  • Prevent others from reading notifications from the locked screen

Generally

Activate touch/Face-ID and pin code

Use a PIN of at least 6 characters, and preferably a password together with biometric ID. Most devices today come with a standard requirement of at least 6 characters. Advanced biometric methods such as Face ID do not help much if you have a simple 4-character PIN. Feel free to choose a password rather than just six digits.

Shield your code from view when you are in a public place, so that other people or covert surveillance do not see your password/PIN.

Turn on encryption on your device, including memory card

All new mobile devices today have encryption of the device by default. To encrypt something means to transform data so that it cannot be changed or read by someone who should not have access to it. Older mobile devices do not have encryption set by default. It is therefore a good idea to check if the device has encryption enabled. It's not easy to create a guide that covers all devices here, but you can do a web search based on the device you have. Example: "how to encrypt Samsung s8"

Turn on automatic updating

One of the most important measures you can take yourself is to make sure that the device is updated at all times. To do this, turn on automatic updates.

Do not use unknown chargers/charging cables

The charging cable for your phone doesn't just contain wires. The cable is a clever little thing, and there are fake cables out there that can be used to infect devices. In some places, you are also offered the option to charge devices from a USB connector in the wall. Don't use it! There may be a PC sitting on the other end, and then you don't just get power.

Bring your own charger and cord!

Report if your device is lost or stolen

If your mobile device is lost or stolen, you must:

  • Block your subscription so that no one else can call at your (or NTNU's) expense.
  • Remotely delete the content
  • Change the password on your NTNU account.
    • If you are absolutely sure that you have never used the device on NTNU's network or with any of NTNU's services, this can be omitted. If in doubt, change your password.
  • If the unit and/or subscription belongs to NTNU, you must notify your superior.

If you suspect that the device has been stolen, you should report the matter to the police and have the device blocked from further use. It will then not be usable in the telecommunications network, even with a new SIM card and a new subscription. The blocking can be done with the police. You will need the IMEI number, which is the identity of the device. The IMEI number is on the box and normally under the battery. You should write down this number. You can often also get it from your carrier.

Distinguish work and personal life

Keep in mind that both your work information and your private, personal data can be sensitive and valuable. Mixing your personal and work accounts and functions therefore increases your vulnerability if, for example, your mobile phone is stolen.

Don't use your mobile device as permanent storage for private data and use as few personal accounts as possible. Back up your personal data from your mobile devices so you don't lose anything in the event of a loss.

Consider using separate devices for work and personal life.

Network and transfer of data

Use mobile data over unknown Wi-Fi

Wi-Fi/wireless networks are not always secure. Anyone can set up a wireless network with the same SSID as one that already exists in a business or coffee shop. The administrator of that network may choose to store and/or analyse all traffic from your mobile device. It is therefore recommended to use only Wi-Fi you trust, and to use mobile data everywhere else.

If you need to use an unknown wireless network, be sure to enable VPN. You can read more about it further down in the article.

Use VPN for all network traffic

Use VPN to establish a secure and encrypted network connection between your mobile device and NTNU's ICT infrastructure to secure the communication between them. This allows you to work securely from locations outside NTNU and is a requirement to be able to reach more of the services offered.

Keep in mind that a VPN affects only the network connection. It does not affect the mobile device itself, how data is stored on it, or physical access to and eavesdropping around the device.

Read more - Install VPN

Be careful using Bluetooth and turn off when not using it

Bluetooth makes it easy to connect your PC, tablet, phone or other types of devices such as headphones.

A Bluetooth connection can transfer data between your mobile device and other devices. Turn off Bluetooth when you're not using it to prevent possible leakage of information. Also, be critical of which devices you connect to.

Activate Bluetooth only when you need it and turn it off after use. Avoid connecting to devices you don't own yourself, such as rental cars. It can be difficult to delete information from the vehicle's computer once you have transferred it.

Prevent eavesdropping by disabling sharing services after use

Sharing data directly between mobile devices is often better than other sharing services that go via a cloud solution or via the internet because the possibility of eavesdropping on the communication is reduced. Disable sharing services immediately after use. This also applies to Bluetooth.

In your device settings, allow sharing only with devices that are in your contact list. Use a solution that is encrypted and verifies that you are connecting to the correct device.

Deletion and storage

Enable automatic backup and option for external storage

Storing data from mobile devices in the cloud can be a convenient and flexible way to access your data, and can be a good way to back it up. However, when you store data elsewhere than on your mobile device, you increase the risk that others can access the data.

Activate automatic backup on your mobile device, so you don't have to remember this. NTNU has its cloud solution in OneDrive.

Read more about OneDrive

Activate remote wipe option and delete the data if you lose your mobile device

Remote wipe is a function that clears a mobile device of all content, and is strongly recommended if you lose or have your mobile device stolen. NTNU's e-mail and calendar solution, Exchange, has functionality that supports remote deletion.

Most smartphones also have their own apps for remote locking and erasing. Some of these can also provide information about the device's geographical location and the option to send a message that will appear on the screen even if the device is locked. This can be important information to be able to find a lost or stolen device.

If you lose your mobile device, you risk the data ending up in the wrong hands. You should therefore be able to remotely erase the contents of the device if you lose it. The provider of your mobile device offers a remote erasure service. You can also set the device so that the content is deleted after a given number of unsuccessful attempts to enter the PIN code.

Take a backup and delete data if the phone needs repair

It is possible to take a backup of the content when you synchronize a mobile device with a computer or via the provider's services. This means that you can easily restore the content if it is deleted remotely or deleted after too many login attempts with the wrong password.

When changing or upgrading a phone from the same manufacturer, you can use a backup copy of the content from the old phone. You must still check whether this is possible when you get a new phone.

Applications

Consider which apps you install

Don't install apps you don't need. Most apps gather large amounts of information from your mobile device. This is stored with the supplier and in many cases they share or resell it.

Give your apps minimal access to microphone, camera and locations

A tablet, a PC or a phone can register where you are. It can reveal the places you visit, where you work and where you live, even if you don't use a navigation app.

You should be careful about giving apps access to your device's camera, microphone and location data (GPS). Unwanted access to these functions can have major consequences for the user's privacy and for the security of the device's surroundings, for example through covert recording.

Regularly check what access you give to the apps installed on your mobile devices (for example microphone, camera and location data). Many apps ask for more access than necessary, so check what each individual app needs to function and which permissions you can disable.

Prevent others from reading notifications from the locked screen

Messages in notifications can be displayed on the screen, even if it is locked. Turn off lock-screen notifications for apps that contain sensitive information. You can also use a protective film to limit viewing of the screen from oblique angles, or use a case with a flap that covers the screen.

Contact

Orakel Support Services can help if you have questions or if you encounter difficulties.

Do you have suggestions on how this guide can be improved? Send an email to orakel@ntnu.no.