Editor’s Note: The following article is reprinted from
CIO.com. Visit CIO’s
Macs in the Enterprise page.
If you’re an
Apple iPhone user and security’s not on your mind, you’re at risk; at risk of having a Web mail account hacked; at risk of having your online identity stolen; and at risk of losing valuable personal information, such as wireless service account data, that could result in financial losses, among other disasters.
When it comes to mobile devices, security tops the list of IT security managers’ concerns. And rightly so: According to a
Computing Technology Industry Association (CompTIA) survey of 2,024 information security professionals earlier this year, more than half of respondents say risks related to mobile devices and remote workers are up significantly compared to 2007.
Even if you use your Apple iPhone strictly for play, it pays to ensure that you’re checking your e-mail, surfing the Web via Wi-Fi and accessing various content and services in the safest possible ways. You can follow these six tips in a matter of minutes, and potentially save yourself weeks of damage control.
iPhone Security Tip 1: Enable Auto-Lock
One of the most basic iPhone security functions is the Auto-Lock feature, which locks the device’s touch screen after not being used for a preset time period. Users can choose to set their iPhones to lock after not being used for one, two, three, four or five minutes. Auto-Lock can also be disabled altogether.
Auto-Lock is turned on by default, but you can change the settings by first clicking the main iPhone Settings icon, tapping the General tab and then hitting Auto-Lock. Then select the desired time period by tapping the on-screen value. Finally, exit the Auto-Lock and Settings screens by tapping the box in the display’s top left corner.
Though Auto-Lock is not exactly a security function on its own, when combined with the Passcode safeguard described below, it’s an essential iPhone security feature.
iPhone Security Tip 2: Enable Passcode Lock
The iPhone Auto-Lock disables the device’s screen after a preset time period of non-use, but the Passcode Lock feature takes that a step further. Whenever the device’s display locks, whether due to Auto-Lock or because you’ve hit the iPhone Sleep button—found on the top right of the device—Passcode Lock requires a four-digit code to be entered before the device can be employed again.
To turn on Passcode Lock, simply click the main iPhone Settings icon again, hit General and then tap Passcode Lock. On the Passcode Lock menu screen, enable the function by tapping Turn Passcode On. You’ll then be prompted to enter in a new passcode. Good passwords are completely random and should not be chosen based on birthdays or other dates or numbers that could be uncovered by would-be hackers.
You can also specify when a passcode is required. To do so, tap Require Passcode and then choose whether or not you want to be prompted for a code immediately upon using the device, after one minute, five minutes, 15 minutes, one hour or four hours. Setting the passcode prompt to Immediately is the most secure, as users won’t be able to access the iPhone at all without entering the appropriate passcode.
The Passcode Lock screen also has options to Show SMS Preview and Erase Data. When enabled, the SMS preview function allows the first sentence of new text messages to appear on-screen even when a passcode has not been entered. If you’d like the highest level of iPhone security—or just some more privacy—you probably want to disable Show SMS Preview.
The Erase Data function lets you completely wipe your iPhone after 10 failed passcode attempts. After six failed attempts, the iPhone locks out users for a minute before another passcode can be entered. And the device increases the lock-out time following each additional failed attempt—one minute, five minutes, 15 minutes, etc.—so an attempted passcode bypass could take miscreants hours.
iPhone Security Tip 3: Use Wi-Fi safely on the iPhone
One of the iPhone’s most valuable features is its Wi-Fi support, which lets you connect to high-speed wireless networks for faster Web browsing and better data coverage in spots where cellular coverage is less than stellar. However, employing Wi-Fi networks without taking the proper security precautions can leave your device—and everything on it—open to crafty hackers.
First things first, you want to make sure your own
personal Wi-Fi networks is secured using
Wi-Fi Protected Access (WPA) or another wireless security protocol. (Refer to the product literature that accompanied your wireless router for more on how to enable Wi-Fi security.) When you connect your iPhone to that network for the first time, you’ll be prompted for the network’s password—assuming you’re using some sort of Wi-Fi security. You should also modify the name of your personal Wi-Fi network to something custom, to help reduce the chance of coming across another network with the same name.
To ensure that you don’t unknowingly connect to Wi-Fi networks while on the go, you should enable the iPhone’s Ask to Join Networks function. You can turn this feature on by once again tapping the main iPhone Settings tab and then choosing Wi-Fi. On the main Wi-Fi settings screen, turn the Ask to Join Networks function on by simply tapping the on/off button next to the option. After the feature is enabled, you’ll never connect to an open Wi-Fi network without first being asked to confirm the connection. (The device will still automatically connect to recognized networks, or networks to which you’ve connected in the past.)
It’s also a good idea to disable Wi-Fi whenever it’s not in use. This reduces the chance of accidentally connecting to an unsecured or suspect network and saves iPhone battery life. To turn Wi-Fi off, just hit the iPhone Settings icon, tap Wi-Fi and then click the on/off button on the Wi-Fi screen.
iPhone Security Tip 4: Securely access corporate, Web mail
If you’re a corporate iPhone user, the most secure way for you to access your e-mail, at least your business mail, is most likely
through a Microsoft Exchange Server—assuming your organization uses Exchange.
Lotus Notes users can also securely receive their corporate mail via iPhone thanks to the recent introduction of
Lotus iNotes ultralite. (For more on how to receive Outlook and Notes mail on the iPhone, consult your IT administrator.)
For non-business iPhone users, receiving Web mail, like
Gmail, AOL and Yahoo Mail, is a breeze; however, the process is not always secure—especially if you’re not aware of how to ensure that
secure sockets layer (SSL) protection is enabled, where available. SSL encrypts mail that’s sent and received via iPhone. If you’re unable to connect to your Web mail using the iPhone and SSL, consider using another mail account that does support the safeguard—I’ve setup a number of Gmail accounts using SSL on the iPhone. Or, if you choose to access mail without SSL, be aware that your messages are not secured—think post card vs. sealed letter.
To ensure that you’re using SSL when retrieving Web mail, click the main iPhone Settings tab, choose Mail, Contacts and Calendar and then select one of your active mail accounts. While on the mail account screen, click Advanced, scroll down to the Use SSL option and ensure that it’s set to On.
iPhone users can also access Web mail via their mail provider’s portals, but it pays to be security smart when using this process as well. For instance, iPhone users should ensure that the URL for the mail provider’s site begins with HTTPS://WWW instead of just HTTP://WWW, which signifies that the connection is secured using SSL. A tiny lock also appears just to the right of URLs when iPhone users navigate to pages that use SSL for secure connections. In other words, be wary of logging into any Web site to check mail via iPhone that doesn’t have HTTPS in its URL and a lock to the right of the Web address in your Safari browser.
iPhone Security Tip 5: Browse the Web via Safari
Just like surfing the Web via laptop or desktop computers, navigating the Internet via iPhone is rife with security risks. Proactively optimizing your iPhone browser security settings could potentially mean the difference between a fully-functioning device and an infected gadget rendered useless by malware.
The iPhone Safari browser security settings are basic—and most are turned on by default—but it doesn’t hurt to ensure that your iPhone Safari security settings are in order.
First off, you’ll want to ensure that pop-ups are blocked. Clicking on a malicious pop-up could expose your device to malware and lead to an infection. As mentioned above, pop-ups are blocked by default, but you can check and modify your settings by first clicking the main iPhone Settings icon and then scrolling down and tapping Safari. On the Safari settings screen, ensure that the Block Pop-ups button is switched to On.
You’ll also want to check on your Safari cookies settings.
Cookies are pieces of text that are distributed back and forth between Web servers and Internet clients, typically browsers, and they’re used mainly for authenticating users. However, cookies can be a security/privacy risk, as information about users’ devices, operating systems, browsers and, in some cases, browsing habits can be stored within cookies and could, therefore, be accessed by third-parties.
The iPhone Safari Accept Cookies function is set to From Visited by default—meaning the browser will accept cookies from sites that you navigate to—but the most security conscious iPhone owners may want to disable cookies completely. Cookies can be disabled by in the Safari settings menu by tapping the Accept Cookies tab and then selecting Never.
iPhone users can also clear their current crop of cookies by clicking the Clear Cookies button at the bottom of the Safari settings menu and then selecting Clear Cookies again on the following screen.
iPhone Security Tip 6: Set device usage restrictions
Though the iPhone has made some significant gains in recent days toward become a suitable business smartphone, its target user is still the consumer. And consumers come in all shapes, sizes…and ages.
IT administrators and parents with little iPhone users have the ability to set iPhone restrictions to, say, block explicit content from being shown on the iPhone’s music or video player. And they can block access to YouTube and stop third-party applications from being installed.
Read Macworld’s Christopher Breen on
the limits of iPhone’s restrictions
Restrictions options can be located via the main iPhone Settings menu, within the General tab. Once you’ve clicked on Restrictions on that tab, you’ll see a set of potential options beneath the words Enable Restrictions . Tap Enable Restrictions , enter in a four-digit code and then select the specific constraints you wish to impose by hitting the On/Off button next to each option.
Selecting the iPod Explicit option, blocks the user’s ability to sync any
iTunes content that’s branded “explicit” by Apple. If you disable Safari, block YouTube and iTunes, or say no to installing apps or using the gadget’s camera, the phone user will not be able to access any of these functions until a passcode is reentered and the restrictions lifted.