Mobiles and tablets for business
Today smartphones and tablets are used for business, presentations, banking, research and hundreds of other tasks at any time, and from any location.
Mobile devices like smartphones and tablets are basically small portable computers. Just like your computer at home, they can be hacked, infected with malware and, if unsecured, provide access to your work information.
Use this guidance to secure your device; secure your information; and use it safely.
So what could happen?
If your mobile device is unsecured, lost or stolen:
- It could be used to access your money or steal your identity using information stored on your device.
- You may lose irreplaceable data like documents, notes or messages (if it is not backed up).
- Your social media accounts could be accessed, which could enable someone to pose as you or steal your identity using your profile information (such as your date of birth and photo).
- Someone could use your phone/tablet or its SIM card and rack up telephone charges to your account.
- You may have to cover the cost of a new device.
Remember, your smartphone or tablet is a mini-computer and you need to protect and secure it just as you would your work or laptop computer. Treat your phone like your wallet; keep it safe and with you at all times.
Secure your mobile or tablet device
- Set a password, Personal Identification Number (PIN), passcode, gesture or fingerprint that must be entered to unlock the device. Don’t forget to put PINs on your SIM card, voicemail and also ensure the device is set to automatically lock.
- Your company may consider installing reputable security software that includes antivirus and antitheft/loss protection. Only install applications from the official device application store and do not 'jailbreak' your device. Your company should also consider developing a security policy regarding what can be installed on the device.
- Use your device’s automatic update feature to install new application and operating system updates as soon as they are available.
- Set the device to require a password before applications are installed. This will prevent unauthorised modifications to the device. Parental controls could also be used for this purpose.
- If you have an Apple iOS device, consider turning on two-factor authentication (2FA) for Apple ID. Download our step-by-step guide or visit the Apple website for more advice. For advice on turning on 2FA on Android phones, visit Google Support.
- Leave Bluetooth turned off or in undiscoverable mode (hidden) when you are not using it.
- Ensure your device does not automatically connect to new networks without your confirmation.
- Record the International Mobile Equipment Identifier (IMEI) of your handset. Your IMEI is a 15 or 17 digit number often printed on a label under the battery or found in the Settings under General information about your device. If your device is lost or stolen, report this number to your company or provider and they can stop the handset from being used.
- Enable the remote locking and/or wiping functions, if your device supports them.
Secure your information
- Back up your data regularly, either with a backup application or by manually syncing the device with a computer.
- Do not save passwords or PINs as contacts on your phone or tablet.
- Enable device encryption to protect business and personal data stored on the device where possible.
- Check the privacy permissions carefully when installing new apps on your device and only install apps from reputable vendors. Where you can, make apps or profiles private and password protected. Learn more about protecting yourself from mobile malware.
- Ensure you thoroughly remove business data from the device before selling or recycling it.
Be mindful of where and how you use your mobile or tablet
- Use public Wi-Fi networks wisely. Your company probably uses a VPN connection for remote access. Ensure this is activated before conducting any confidential business on your device. Learn how to protect yourself when using public Wi-Fi.
- Use reputable sites and applications when downloading anything from the internet. Be mindful of your company's policies regarding downloading content.
- Log out of websites when you are finished.
- Turn off location services when you are not using them and limit the applications that can track and use this information.
- Think before you click. Do not open links or attachments unless you are expecting it and you trust the source. If in doubt, hovering over links often allows you to see the destination URL and you can decide if you recognise the website or email address – although URL shortening can make this difficult.
Learn more about portable devices, including smartphones, why it is important to monitor their usage and how to keep the data on them secure, with the ACSC's Quick Wins for Your Portable Devices.