If you’re not sure which Android security settings to change, you’ve come to the right place. Below are our favorite tips for small and midsize businesses to better protect company data on Android devices. There is one very important step for companies to take first: make sure you are using a Mobile Device Management (MDM) system. This will allow you to enforce some of the security rules we’ll discuss below.
And as for your personal devices? The security settings below absolutely apply as well. Let’s get started.
By the way -- are you an iPhone user? Here's an article for you! https://adeliarisk.com/11-iphone-security-settings/
Below are 10 important iAndroid device security settings – and honestly, you should set aside a few minutes to get this all done. It’s important!
Follow these instructions to set up a strong passcode: https://www.howtogeek.com/253101/how-to-secure-your-android-phone-with-a-pin-password-or-pattern/
Usually, the longer and more complex the passcode, the better. Fingerprint / faceprint are ok -- generally, these alternative modes of authentication are fine to use.
Follow these instructions to set your device to auto-lock as quickly as possible -- decrease instead of increase: http://smallbusiness.chron.com/increase-lock-out-time-android-30829.html
You don’t need to worry about setting up encryption on your Android if you’re running any version later than 8.0. It’s already turned on by default IF you have set up a passcode.
If you’re using a version below 8.0, it’s time to upgrade.
Your backup should be encrypted, especially if you’re in healthcare and need to comply with HIPAA. You can tell if it’s encrypted if you’re required to enter your phone PIN/passcode before backing up the data.
Always apply security updates as soon as you are prompted to do so.
If your device is ever lost or stolen, you can use this feature to locate the device. You can even use it to remotely wipe the device, which is very handy if it contains PHI. Follow these instructions to turn it on: https://www.google.com/android/find
Follow these instructions: https://safety.google/authentication/
This article can help: https://www.wired.co.uk/article/android-privacy-settings-oreo-security. Also consider the use of a utility that makes it easy to scan your privacy settings. Many people use Lookout, but don’t bother with their antivirus products.
If you don't do this, thieves can change the SIM and put it in another unlocked phone. Once they have your SIM in another phone they can request an SMS code for resetting the password to all your accounts.
Follow these instructions to set up a PIN on your SIM card: https://www.digitalcitizen.life/how-change-or-remove-sim-pin-android-2-steps/
Accessibility permissions are incredibly powerful and can lead to malware taking action on your behalf, from inside your apps. Regularly review the permissions that each app has been granted and ask yourself if there is a good reason each app has the permissions that it does. Follow these instruction: https://support.google.com/googleplay/answer/6270602?hl=en
The Android security settings in this article are important for company and personal devices. Companies should add another layer of protection by utilizing a Mobile Device Management System (MDM). At a minimum, MDM should allow you to enforce passcode usage, and allow you to wipe company data off of a lost/stolen device.
Guiding clients towards the right MDM option and other cybersecurity solutions is part of our Virtual CISO service. We’ll find the gaps and help you strengthen your cybersecurity posture.