Tips for Securing Your Smart Phone
BY MARK ROLLINS
The development of “smart devices” has given EHS professionals unprecedented mobile productivity. These powerful products can receive e-mail, take photos, run custom programs, and even access company databases. We are a far
cry from the day when the only thing
our mobile phones did was make and
receive calls.
But there is a dark side to all this power.
The potential for confidential or business-critical data to be compromised or stolen is
far greater with these devices if we don’t take
proper precautions.
This article discusses basic security considerations for smart devices. Note, however,
that none of the recommendations or suggestions here guarantee that data cannot be
compromised. Much of this article is geared
toward the individual and the small business
user. If you work for a larger company, you
can probably assume that your Information
Technology department set up your device
properly—though, again, there are no guarantees, and I don’t mean to say that everyone’s
IT group did it correctly or completely.
Passwords
Let’s first examine the most basic level of security: a lock-screen password. This feature is
arguably the first and most important step for
security. If you record the user IDs and passwords to all of your accounts—Amazon, eBay,
banking, etc.—in your smart device’s address
book, you can literally lose almost everything
if your device is compromised.
I highly recommend that you not use a
password like “0001,” which is easy to key in
with one thumb but provides little security.
Alphanumeric passwords, which some smart
devices allow, are much more effective, but
you should enable this feature only if your
device has voice dialing. You don’t want to
be driving down the highway at 70 mph trying to key in “Fun&Sushi4” to make an important conference call.
You will infer from my example that a
phrase used to secure a smart device should
not be easy to guess. A good practice for
passwords is to use a mix of upper- and
lower-case letters, numbers and punctuation.
One common but ineffective trick is to pair a
simple word (such as names of seasons) with
a seemingly random error. This practice is extremely dangerous from the standpoint of device and data security. If the password for the
Droid you bought this past June is “Summer2012,” you should know that your crafty
use of an incorrect year isn’t fooling anyone.
I recommend using passwords based on
childhood or personal experiences that would
be difficult to guess (not birthdays). For example, if you used to live at 1323 Maple
Lane, “1323MapleLane!” makes an excellent
password. You could even record it as a
mnemonic clue (“13M!”), which no one would
be likely to recognize.
Some of the first-line defenses below go
hand in hand with a complex password.
(These may already be enabled on your device if you work at a large corporation.)
Auto-lock. Any device should automatically
lock itself after a predefined period of inactivity, usually 5 to 10 minutes. With this feature enabled, if you don’t touch the screen or
provide any input to the device, it will shut
itself off, requiring a password to turn it on
again.
Hardware encryption. The data stored on
some smart devices is written in a scrambled manner that is not easily decoded.
Check with the manufacturer to verify
whether your device has this feature.
Auto-wipe. Some devices have a feature that
automatically erases the device’s memory following a
predetermined number (usually 10) of failed
password attempts. If a device with this feature is stolen, the thief has only 10 tries before his new smart phone becomes an
expensive, attractive paperweight. Meanwhile, the owner can replace the phone and
recover all data from her backup.