The Fundamentals of Protecting Mobile Devices

Follow these cybersecurity best practices to physically and virtually secure mobile devices by applying multiple layers of protection.


Do you carry your mobile device everywhere you go? Is your mobile device within arm’s reach on the nightstand next to you while you sleep? Do you panic more about leaving your mobile device at home than your wallet when you leave the house? Are your bank and financial information and your cryptocurrency also stored on your mobile device? Are your car and house keys also stored on your mobile device? And lastly, do you feel like your mobile device is a part of your hand and an extension of your mind? If you answered yes to most of these questions, then you should seek help immediately…or just read on.

With iOS and iPadOS 15, you can add digital copies of your driver’s license, and your work, student, or government-issued identification to your Apple Wallet alongside your stored credit cards. You will also be able to show your digital ID and boarding pass on your iPhone or Watch at the airport security checkpoint to get onto your flight. Additionally, several states have already implemented or plan on instituting a mobile driver’s license program, so user adoption is accelerating. You can also add a copy of your COVID vaccination card to your mobile device as more restaurants and indoor activities ask for proof of vaccination as a condition of entry. Soon, you can leave your physical wallet and keys at home and just bring your mobile device everywhere.

Unfortunately, today’s cybercriminals are going after your mobile devices using both physical and virtual attack vectors. Threat actors want control of your device and its processing power, which they can use to mine cryptocurrencies, take part in mobile botnets that send phishing messages, steal your confidential data including login credentials, display malvertisements, perform distributed denial of service (DDoS) attacks against websites, or engage in cyber espionage. These cybercriminals want to steal mobile identities, digital wallets, and financial account information to sell to hackers on the dark web.

Now, let us take a deep breath and fight back against these threat actors! Follow these cybersecurity hygiene best practices to secure all your mobile devices physically and virtually by applying multiple layers of protection.

    1. Turn on your mobile device’s screen lock with biometric authentication such as iOS’s Face ID, Android’s fingerprint or Face Unlock, or Samsung’s iris unlock. This is the first obstacle a threat actor must bypass if your mobile device is lost or stolen.
    2. Enable file-based encryption. This is automatically enabled as soon as you create a strong passcode, which is used as the entropy source to start the data protection process for file-based encryption. This is the second obstacle a threat actor must overcome.
    3. Never share your credentials with anyone, and enable multi-factor authentication (MFA) for your online accounts and remote access services such as Virtual Private Networks (VPNs). Prefer stronger factors based on inherence (biometrics), possession, and context (location and time of day) over knowledge factors such as passwords or PINs.
    4. Refrain from connecting to unsecured Wi-Fi networks. If you must connect to Wi-Fi networks in public spaces, such as an airport or hotel, turn on an always-on VPN.
    5. Regularly update your operating system and apps.
    6. Install mobile threat defense (MTD) onto all your mobile devices, preferably one that has advanced detection and protection capabilities at the device, app, and network levels including anti-phishing protection for email, attachments, and text messages.
    7. Only download applications from the iOS App Store or Google Play Store. If your company employs a unified endpoint management (UEM) platform, the IT administrator can deploy the company’s enterprise app store or silently install work apps onto the managed device. If the device is lost or stolen, the UEM can remotely lock, retire, or wipe the managed device to further safeguard your data.
    8. Do not jailbreak or root your mobile devices. Doing so removes the native device protections and allows malicious exploits to be installed that take control of your device.
    9. Back up important data to your desktop or upload it to your trusted cloud storage service.
    10. With the ongoing pandemic and the resurgence of the COVID virus, most of us spend our time at home. I employ a home firewall, with an intrusion prevention system turned on, between my wireless router and the internet. There are free open-source firewalls that you can install and run on an older PC with easy-to-follow instructions online.

Apply to your mobile devices the same common-sense, multilayered strategy that you use to safeguard your wallet and personal valuables from thieves. Take it a step further by implementing the aggressive countermeasures above for protecting all your mobile devices, not so much for the replacement cost of the device itself, but for all the sensitive data and irreplaceable content that it contains.


James Saturnio is a Senior Lead Technical Market Advisor for the Technical Marketing Engineering team at Ivanti. He immerses himself in all facets of cybersecurity with over 25 years’ hands-on industry experience. He is an always curious practitioner of the zero trust security framework. Prior to Ivanti, he was with MobileIron for almost 7 years as a Senior Solutions Architect and prior to that, he was at Cisco Systems for 19 years.