Like zero trust security, being a cyber defender is a personal mindset. One can argue that it might be a form of paranoia, but being situationally aware while connected online is a nice behavioral attribute to have given today’s internet climate with the barrage of news regarding ransomware and data breaches. Zero trust states never trust, always verify, act like the network you are connected to and your device are compromised by threat actors, and the applications and content installed on your device are vulnerable to sophisticated chained exploits. 

Now, take a deep breath and let’s fight back against these cybercriminals! Follow the list below of cybersecurity hygiene best practices to protect all your mobile devices physically and virtually by applying multiple layers of protection. And a pro tip: Ivanti Neurons for MDM, formerly MobileIron Cloud, Ivanti Mobile Threat Defense, Ivanti Zero Sign-On, and Ivanti Connect Secure can all be configured, deployed over-the-air, and enforce policies to ensure these security controls are enabled on your mobile devices.

  1. Turn on your mobile device’s screen lock with biometric authentication such as iOS’ Face ID or Android’s fingerprint or Face Unlock, or Samsung’s Iris unlock. This is the first impediment for a threat actor to attempt to bypass if your mobile device is lost or stolen. controls are enabled and remain enabled on managed mobile devices.
  2. Enable file-based encryption. This is automatically enabled as soon as you create a strong passcode that is used as the entropy source to start the data protection process for file-based encryption. This is the second impediment for a threat actor to solve.
  3. Never share your credentials with anyone and enable multi-factor authentication (MFA) for your online accounts and remote access services such as Virtual Private Networks (VPN). Use stronger factors, which use inherence (biometrics), possession, and context (location and time-of-day), not knowledge factors which use passwords or PINs.
  4. Refrain from connecting to unsecured Wi-Fi networks. If you must connect to Wi-Fi networks in public spaces, such as the airport or hotel, turn on an always-on VPN.
  5. Regularly update your mobile operating system and applications.
  6. Install mobile threat defense (MTD) onto all your mobile devices, preferably one that has advanced detection and protection capabilities at the device, app, and network levels including anti-phishing protection for email, attachments, and text messages, like Ivanti Mobile Threat Defense.
  7. Only download applications from the iOS App Store or Google Play Store. If your company employs a unified endpoint management (UEM) platform, the IT administrator can deploy the company’s enterprise app store or silently install work applications onto the managed device. If the device is lost or stolen, the UEM can remotely lock, retire, or wipe the managed device to further safeguard your data.
  8. Do not jailbreak or root your mobile devices. This removes the native device protections and can install malicious exploits to take control over your device.
  9. Backup important data onto your desktop or upload to your trusted cloud storage service.
  10. With the ongoing pandemic and the resurgence of the COVID virus, most of us spend our time at home. I employ a home firewall with an intrusion prevention system turned on in front of my wireless router from the internet. There are free open-source firewalls that you can install and run on an older PC with easy-to-follow instructions online.

Apply the same common sense and multiple layered security strategy that you use to safeguard your wallet and personal valuables from thieves to your mobile devices. Take it a step further by implementing the aggressive countermeasures above for protecting all your mobile devices—not so much for the cost of replacement for the device itself, but for all the sensitive data and irreplaceable content that it contains. The additional benefit may include keeping your sanity intact!

Interested in reading more about mobile device security? Check out my other blog posts to learn how to defend against ransomware, phishing and more!