Keeping your iPhone, BlackBerry, or other mobile device secure is very important. Most of the time, these devices hold sensitive personal and/or business information that needs to be kept safe. It’s up to you to take the necessary steps to secure it. It requires active participation on your part.
The first step is to make sure you maintain physical control of the device. Treat it like a credit card, storing it securely when you aren’t using it. Besides the cost of the device itself, the loss or theft of a mobile device places the confidentiality of the device’s contents at risk, as well as the contents of resources the device can access, such as your email accounts, networks, and more.
Second, enable user authentication, such as requiring a PIN or password before the device can be used. While not foolproof, this is the first barrier to unauthorized access to your device. Follow basic password policy, such as not using the same password or PIN you use on other devices or networks. Turn on the time-out feature if the device offers it so it will auto-lock and require a password after a certain amount of time.
Third, make sure you are backing up your device regularly. Using a mobile device as the sole repository for important information is an invitation for disaster. Not only can the device be lost or stolen, but it can also be damaged. Make sure you make backups of everything on the device regularly so it can be restored in the event your device is lost, stolen, or damaged.
Next, be careful about what you install on your device. Weigh the risks and decide if you really need a certain app before installing every cool thing that comes along just to ‘give it a try’. I’m sure you have seen on the news that even vetted applications such as those found in ‘app stores’ offered by manufacturers can be risky. Removable media may seem harmless, but it should be treated cautiously, since it can be a means to launch malware. For example, Windows Mobile devices are able to detect when a storage card is inserted and to automatically load and execute an application from it, similar to the way the autorun feature in Windows desktop systems works. Social engineering is one way that users are induced into taking such actions or into allowing someone else to take them on their devices. Because of its effectiveness, forensic tools have been developed to exploit the autorun feature to recover data from handheld devices. Software downloads from sites that seem suspicious or are not known should also be avoided. Never install anything whose origin is unknown or suspect. Ideally, only programs that are from reputable manufacturers and have verified digital signatures should be installed, and even then, with caution.
Turn off Bluetooth, Wi-Fi, infrared, and other wireless interfaces until they are needed. This is particularly important for Bluetooth devices due to the increased risk of encountering mobile malware in crowded settings, such as an airport, sports event, or concert, which offer a target-rich environment for an attack. Being invisible prevents the device from being scanned and located, and its wireless interface used as an avenue of attack. Disabling a wireless interface also has the benefit of extending the battery life of the device. The Bluetooth wireless interface should be set in discoverable mode only temporarily, until pairing with another device is completed.
If your device is lost or stolen, the actions to take are disabling service, locking the device, or completely erasing its contents. Contact your cellular carrier to report a lost or stolen cell phone and discontinue service immediately. If it’s stolen, report it to the police and get a copy of the report, as you will need the police report to have any unauthorized charges waived by your provider.