Divisive security


Q: Can you direct me to a good checklist of precautions we should take to secure our employees’ mobile devices?

A: Security is a hassle, but a necessary hassle. Perhaps this checklist will help you lock down those mobile devices once and for all.

1. Lock it. Require employees to lock their phones using either a personal identification number (PIN), swipe gesture, or fingerprint scan. In addition, make sure the phone self-locks after a short period of inactivity (such as 30 seconds).

2. Back it up. Require employees to configure an automated backup procedure, examples of which are described in the March 2011 Technology Q&A article “I Don’t Want to Lose You” (page 63).


3. Use anti-virus software. Run an anti-virus app on your smartphone such as AVG Antivirus for Android Mobiles (free; tinyurl.com/63huyon), Norton Mobile Security ($29.99 for one year; $49.99 for two years; tinyurl.com/khar8gq), or Avira Mobile Security (free; tinyurl.com/kd2f888).


4. Install a locator program. Apps such as Find My iPhone (free; tinyurl.com/pru4q4u) or Android Device Manager (free; tinyurl.com/ocjq6kv) can help you locate your phone if it is lost or stolen.  

5. Avoid suspicious Wi-Fi. Anyone with a cheap router can set up a seemingly friendly Wi-Fi connection in a crowded location and invite you to use it. But if you do, they can capture your information packets and later possibly extract the passwords you typed. This can occur even when using a wired connection in a hotel room, if the hotel’s IT staff is unscrupulous. Play it safe: Use Wi-Fi at home and the office, and if you must use it in other venues, don’t enter any passwords unless the website you are connecting to uses encryption. (You can tell if a website uses encryption by looking at the webpage address; if it begins with https://, the “s” portion of this prefix signifies that your connection is securely encrypted.)

6. Employ the self-destruct setting. Many smartphones today can be set to auto-delete all of their contents in the event that someone attempts to access the device using wrong passwords more than a specified number of times consecutively (usually 10 times). Some of these tools also enable you to wipe the phone’s data remotely, even if the thief has not attempted to access the device.

7. Install trusted apps only. To lessen the likelihood of downloading malware, you should only install apps offered by reputable companies. Further, because a lot of malware is transmitted via games, you may want to avoid loading gaming apps on your smartphone.

8. Avoid suspicious emails. If you receive emails on your smartphone, use common sense and don’t open any attachments unless you are sure the source can be trusted.

9. Be careful of Bluetooth and NFC. Bluetooth allows you to connect your smartphone to your car’s telecom systems, external speakers, wireless keyboards, and headphones. NFC (near-field communication) allows you to make credit or debit card payments with a wave of your smartphone. Unfortunately, these types of wireless connections could potentially be exploited by unscrupulous people to access your device, so switch these features off or put your device into “not discoverable” mode when possible. In addition, never accept Bluetooth connection requests from unknown devices.

10. Encrypt your smartphone. Some smartphones (such as the Samsung Galaxy S5) provide the ability to encrypt the entire device every time the phone is turned off; thereafter, a PIN is needed to access the device. This is similar to the Windows BitLocker whole-disk encryption, which encrypts your computer whenever you sign out of Windows or turn off your computer. As added security, this measure prevents professional hackers from accessing your data by tearing the device apart to gain direct access to the internal data drives. The iPhone provides similar functionality; once a PIN passcode is set up, the iPhone automatically encrypts iMessages, mail messages and attachments, and data when the iPhone is locked or turned off.
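
One way to check a fleet of employee phones against this checklist, as an added example that is not part of the original column: a Python audit of device inventory records covering items 1 to 4, 6, 9, and 10. The field names and sample records are hypothetical and constructed; the 30-second and 10-attempt limits are the figures quoted in the checklist, and a setting the inventory does not report is counted as a failure.

```python
import json

ALLOWED_LOCKS = {"pin", "gesture", "fingerprint"}  # item 1: accepted lock methods
MAX_AUTOLOCK_SECONDS = 30                          # item 1: the checklist's example value
MAX_FAILED_UNLOCKS = 10                            # item 6: "usually 10 times"

def _int_in(value, limit):
    # type() rather than isinstance(): JSON true must not pass as the integer 1
    return type(value) is int and 0 < value <= limit

# (checklist item, hypothetical inventory field, test the reported value must pass)
CHECKS = [
    (1, "lock_method", lambda v: v in ALLOWED_LOCKS),
    (1, "autolock_seconds", lambda v: _int_in(v, MAX_AUTOLOCK_SECONDS)),
    (2, "backup_enabled", lambda v: v is True),
    (3, "antivirus_installed", lambda v: v is True),
    (4, "locator_enabled", lambda v: v is True),
    (6, "wipe_after_failures", lambda v: _int_in(v, MAX_FAILED_UNLOCKS)),
    (9, "bluetooth_discoverable", lambda v: v is False),
    (10, "encrypted", lambda v: v is True),
]

def audit(device):
    """Return (item, field, value) for each failed check; unreported fields fail closed."""
    findings = []
    for item, field, passes in CHECKS:
        value = device.get(field)  # None when the inventory did not report the setting
        if not passes(value):
            findings.append((item, field, value))
    return findings

def report(inventory):
    """Map each device owner to that device's list of findings."""
    return {device["owner"]: audit(device) for device in inventory}

# Constructed sample inventory export (not real data)
SAMPLE = json.loads("""[
 {"owner": "alice", "lock_method": "pin", "autolock_seconds": 30,
  "backup_enabled": true, "antivirus_installed": true, "locator_enabled": true,
  "wipe_after_failures": 10, "bluetooth_discoverable": false, "encrypted": true},
 {"owner": "bob", "lock_method": "gesture", "autolock_seconds": 300,
  "backup_enabled": true, "antivirus_installed": false, "locator_enabled": true,
  "bluetooth_discoverable": true, "encrypted": true}
]""")

if __name__ == "__main__":
    for owner, findings in report(SAMPLE).items():
        print(owner, "OK" if not findings else findings)
```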


J. Carlton Collins (carlton@asaresearch.com) is a technology consultant, CPE instructor, and a JofA contributing editor.

Note: Instructions for Microsoft Office in “Technology Q&A” refer to the 2013, 2010, and 2007 versions, unless otherwise specified.

Submit a question
Do you have technology questions for this column? Or, after reading an answer, do you have a better solution? Send them to jofatech@aicpa.org. We regret being unable to individually answer all submitted questions.

