Here are 10 tips from the French National Cybersecurity Agency (ANSSI) in a simple-to-follow checklist to protect mobile devices against malicious attacks. Feel free to share with every information system user you know!
1. Updates
Keep the operating system and applications on your mobile devices up to date. These updates from software providers improve the security of operating systems and apps.
Restart your mobile device regularly. Restarting helps limit the impact of non-persistent compromises.
2. Operating system
Enable operating system hardening mechanisms. This reduces the number of entry points for attackers on mobile devices. It is particularly recommended for at-risk individuals within the organization who are likely to handle sensitive data or systems (administrators, decision-makers, etc.).
3. External devices
The mobile device must never be connected to an unknown device that is likely to be infected or compromised: chargers, external storage media, computers, etc.
Similarly, mobile devices should never be connected to public Wi-Fi networks, which can be an easy entry point for attackers.
4. Applications
Only install applications from the official storefront. Third-party applications are not verified and do not comply with security rules.
Uninstall unused apps and limit the permissions you grant. Restricting permissions reduces the risk that your mobile usage habits are monitored so the data can be sold to third parties, or that malicious apps record through your camera or microphone.
Also remember to disable any features that you are not actively using.
5. Connections
When not in use, disable Wi-Fi, Bluetooth, NFC, and location services to limit the visibility and exposure of your mobile device.
6. Personal and professional use
As with all IT equipment, it is crucial to separate personal and professional use on mobile devices. This is because security measures are stricter in a professional environment, meaning that personal use poses an increased security risk.
7. Mobile device status
If a user needs to leave their mobile device unattended, regardless of the length of time, it must be turned off first. Compromise only takes a second.
8. Confidentiality
In the event of confidential conversations and exchanges of sensitive information, place phones in a separate area, as they may pick up surrounding sounds (note that spyware can work even in airplane mode!). This will limit the risk of espionage.
9. Encryption
No sensitive information should be sent by text message. Work-related data should be exchanged via secure messaging with end-to-end encryption.
10. Phishing campaigns
Phishing campaigns may involve sending requests that appear legitimate but actually ask for actions that allow attackers to achieve their goals. Requests may include transmitting confidential data or linking unknown devices to an email account. Be extra vigilant, especially when on the move, by confirming the origin of the message.
