iOS Security Tips Part 1: What End-Users Can Do

It was a stupid mistake that almost cost me dearly. One morning this summer, I was headed into Toronto on a Via Rail train, using the on-board Wi-Fi to catch up on some reading and e-mails on my iPad. As the train pulled into Union Station, I got up with the other bleary-eyed commuters and mindlessly followed them down the stairs and into the teeming downtown rush.

It took about 15 minutes before I realized I had left my iPad back on the train. It was bad enough that I was at risk of losing $700 worth of hardware, but it was even worse that whoever “found” my machine would potentially have the keys to my entire online life. Despite the fact that the iPad had a passcode lock on it, I had left my Gmail, Twitter and Facebook clients open before forgetting the device on the train. I was one four-digit code away from someone obtaining access to my entire online destiny.

As I panic-ran back to the station, I managed to change the passwords to all my accounts from my BlackBerry. A few minutes later, I managed to snag a sympathetic gate agent who called the train over his radio, walked me back to the platform and fetched my iPad from my seat. Crisis averted, but the grey-hair-inducing affair got me thinking about the march of iOS devices into the middle of the business world, and the challenge companies of all sizes now face in keeping all that Apple hardware secure.

If you use your iOS-based device at work and you want to ensure your device remains secure, keep the following simple and easy-to-implement tips in mind:

Use the passcode. It may be inconvenient to type in a four-digit passcode every time you want to use your device, but it’s often the last layer of protection for your data if your device is lost or stolen. Change it often, and don’t forget to wipe your screen clean regularly – repeatedly entering the same sequence can leave telltale smudges on the glass and make your code easier for a stranger to guess.

Get tough on passwords. Apps and services that feature password functionality should have it enabled. Use strong password protocols – including monthly updates, mixed upper- and lower-case letters, special characters and numbers, avoiding common phrases or words, and setting up unique passwords for each app.

Tighten access to Siri. By default, the Siri voice command interface can be accessed directly from the lock screen. This can allow an unauthorized user to access virtually any Siri-controllable app or service on the device. Disable this in the Siri section of the general settings tab to prevent unauthorized access.

Activate the “Erase Data” feature. The passcode lock section of the general settings menu contains this option which, when turned on, erases all data on the iOS device after 10 incorrect passcode attempts. If you’re regularly syncing your device, this should be a no-brainer.

Keep it updated: iOS makes it easy to keep your system software and applications updated. Be sure to install the latest App and OS updates pushed to your device to ensure the latest security fixes and patches are applied. Hackers often target older, less secure installations.

Use the ‘Find my iPhone’ app. This should be setup and activated on all iPhones, iPads and iPod touches. If your device is lost or stolen, it uses iCloud to allow owners to locate and remotely control their hardware. “Lost mode” lets you lock the device, send it a phone-home message, or even wipe everything from the device.

The bottom line
While iOS devices were originally designed with consumers in mind, the bring-your-own-device (BYOD) revolution means they’re being used in business or enterprise settings with ever growing frequency. Fortunately, with a few simple and easy-to-implement changes to our everyday behaviours, we can easily tighten the security of our iOS-based devices.

We’ll continue to explore iOS security in the weeks to come, with additional perspectives on how companies themselves are addressing iOS security, and how cross-platform processes are already helping companies like yours minimize the risks associated with widespread mobile device deployment.

What other things are you doing in your own work environment to keep your iOS devices secure? Let us know via the comments section below.