Mobile devices

Mobile devices are a security challenge. They’re convenient for users to take everywhere, but they’re also convenient for thieves.

Laptops

You must follow all the recommendations for desktop computers.

Laptops should be treated exactly the same as desktop computers, except:

You must use full disc encryption software.

Laptops are too easy to lose or be stolen. The only way to make sure information does not fall into the wrong hands is to use full disc encryption software with strong passwords.

Untrusted computers

You should never use any computer you or your employer does not own and control.

Public computers, in internet cafes, hotels, and so on, or computers owned by friends and clients should never be used to access confidential information.

Even if the operators of these computers are not intending to compromise your information, you are reliable on their security arrangements. If unbeknownst to them, they have malware such as a keylogger, using their computer will compromise your password and the information stored in your system.

Mobile phones

You must set a password or lock code for your phone, to prevent unauthorised access. The phone must be set to wipe automatically after a small number of incorrect attempts.

You should have the ability to perform a remote wipe of the mobile phone.

If you are using an Apple iPhone, you should only use the iPhone 3GS and later, as these devices use the mobile equivalent of full disc encryption and can be wiped instantly and unrecoverably.

Mobile web access

Just as with desktop computers, mobile web browsers cache information and login credentials. You must follow the recommendations above.

Further recommendations

  • When carrying a laptop use a generic bag, not one that is obviously intended for laptops to minimise the chance of theft.
  • Know how to remotely wipe your mobile device in the case of it being lost or stolen.
  • Don’t leave laptops and other devices for storing or accessing confidential information unattended in public places.
  • As well as using a password to access your mobile phone, make sure your answerphone is protected by a PIN.