This list of recommendations, although created for supervising the security of a large number of devices, is just as useful to the individual user.
- Encrypt all mobile devices, including often overlooked hardware such as USB drives.
- Install USB locks as an additional countermeasure to prevent unauthorized data transfers through USB ports and thumb drives.
- Use location tracking software to remotely wipe data on the device if it is lost or stolen. In their usual configuration, most leading encryption products leave the device unencrypted once a password has been entered. Thus, confidential data are unprotected if the device is lost or stolen while it is in sleep mode. The location tracking software should be configured to wipe data on the device after 10 failed passcode attempts.
- Use strong passcodes that are difficult to guess, and enable the fingerprint lock option if available.
- Enable the screen lock and configure it to engage after a short period of inactivity, from 1 to 5 minutes.
- Disable Wi-Fi autoconnect, and access the Internet using the service provider's secure network or a secure Wi-Fi network instead. Public Wi-Fi should never be used for confidential data that could be exposed to attackers, regardless of whether the wireless network is secured or unsecured.
- Do not click on suspicious or unknown links, regardless of the sender.
- Do not respond to text messages from unknown sources, or to messages from known sources that contain strange requests.
- Download applications only from trusted sources and distribution channels such as trusted data-sharing exchanges or federations.
- Understand the permissions that an application is requesting before granting them. If an application requests permission to access something that seems unusual for its purpose, such as personal location or contacts, ensure that the application is legitimate and free of malware before granting permissions.
- Do not jailbreak the device by removing limitations or security parameters that guard against mobile threats.
- Ensure that the operating system installed on the device is current, and promptly apply platform updates when they are released.
- Install and configure current security software. Several vendors have developed applications to add third-party security software to mobile devices, including Trend Micro, ESET, McAfee, Symantec, and Webroot.
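
The permission review recommended above can be partly automated when supervising many devices. The following is an added example, not part of the original list or the cited article: it reads an Android manifest that has already been decoded to text XML and reports permissions that fall outside what the app's stated purpose needs. The purpose baseline (`EXPECTED`), the sample manifest and the package name are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumption: a reviewer-maintained baseline of permissions that fit each app purpose.
EXPECTED = {
    "flashlight": {"android.permission.CAMERA"},
    "navigation": {
        "android.permission.ACCESS_FINE_LOCATION",
        "android.permission.INTERNET",
    },
}

# Permissions covering the two data types the list item calls out.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "personal location",
    "android.permission.ACCESS_COARSE_LOCATION": "personal location",
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.WRITE_CONTACTS": "contacts",
}

# Constructed sample: a flashlight app's decoded manifest.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission-sdk-23 android:name="android.permission.READ_CONTACTS"/>
</manifest>"""


def requested_permissions(manifest_xml):
    """Return every declared permission, including uses-permission-sdk-23 entries."""
    root = ET.fromstring(manifest_xml)
    tags = ("uses-permission", "uses-permission-sdk-23")
    names = (el.get(ANDROID_NS + "name") for tag in tags for el in root.iter(tag))
    return {n for n in names if n}


def review(manifest_xml, purpose):
    """List (permission, reason) pairs that fall outside the baseline for `purpose`."""
    expected = EXPECTED.get(purpose, set())  # unknown purpose: flag everything
    extra = sorted(requested_permissions(manifest_xml) - expected)
    return [(p, SENSITIVE.get(p, "unexpected")) for p in extra]


if __name__ == "__main__":
    for perm, reason in review(SAMPLE_MANIFEST, "flashlight"):
        print(f"{perm}: {reason}")
```

A flagged permission is a prompt for the legitimacy check described in the list, not proof of malware.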
Thank you to Melissa Harvey for permission to use this list from her article: "Privacy and Security Issues for Mobile Health Platforms" by Melissa J. Harvey and Michael G. Harvey. Journal of the Association for Information Science and Technology, 65 (7):1305-1318, 2014.