Shulou(Shulou.com)06/01 Report--

This security recommendation is for public mobile devices purchased and used within the enterprise, and is not recommended for company-wide personal mobile devices due to personal privacy and personal device ownership issues.

Mobile devices that use passwords, gestures and other unlocking methods should lock the screen automatically if they are inactive (not in use) for more than 10 minutes.

If the mobile device has settings for encryption, the highest encryption method (at least 128bit) should be used.

When choosing insecure WIFI and 3G/4G/CDMA services, you should choose Cellular data Communication Network (3G/4G/CDMA). Because cellular data communication network is more secure than insecure WIFI. In particular, if you access sensitive data, you should use × × instead of WIFI. (unsecure WIFI refers to the use of unencrypted WIFI, WEP, WPA or WIFI networks with insufficient encryption length. Personally, a secure WIFI network should be a WIFI network that has at least passed RAIDUS authentication. If conditions permit, it is best to join two-factor authentication. Generally speaking, the insecure WIFI mentioned above generally refers to the personal and public WIFI network. Insecure WIFI refers to a specific WIFI network within the company.

If the mobile device supports × ×, be sure to use it.

Register or record mobile device serial number (electronic serial number) and other identification information to facilitate recovery.

Internal WIFI authentication uses RAIDUS certified WIFI network, if there are conditions, it is best to join two-factor authentication (two-factor authentication refers to: what you know and what you have. For example, when users need to log in to the enterprise's internal WIFI, they need to enter the account password in the authentication interface, which you know. After the verification is completed, the server will send a SMS verification code to the mobile phone of the corresponding account and verify it again, which you have. ).

It is best to install remote erasure software on mobile devices logged into the intranet to prevent theft or loss during use.

Carefully choose the application to install on the device, and consider whether APP is secure, or whether operators often use APP mobile phone user profiles.

Close options and applications that are not used at work.

If the device requires Bluetooth, it is not allowed to automatically discover and set complex security passwords to prevent unauthorized access.

Mobile devices are best carried with you.

If the device supports it, it is best to install anti-virus and anti-malware.

The registered equipment is backed up regularly and the backup is encrypted.

Pay attention to the updates of equipment suppliers and service providers of installed software, fix vulnerabilities and update equipment functions in a timely manner.

Restrict the use of third-party software to protect and store data, and promote the abuse of equipment by the accountability system.

When the device is not using GPS, turn it off.

The jailbreak of the equipment is strictly prohibited.

If the device unlock password error 10 times (the number of times according to the company's security indicators), the device will be erased.

If the password can be unlocked by the device, you must use a strong password (English case + numbers + special characters), and the use of gestures is strictly prohibited (to prevent others from snooping on unlocked gestures).

Encrypt the company files in the device.

If the device is no longer used, the data stored in it will be reasonably erased and the device will be properly processed.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.