If you’re not sure which iPhone security settings to change, you’ve come to the right place. Below are our favorite tips for small and midsize businesses to better protect company data on iPhones. There is one very important step for companies to take first: make sure you are using a Mobile Device Management (MDM) system. This will allow you to enforce some of the security rules we’ll discuss below.
And as for your personal iPhones and iPads? The security settings below absolutely apply as well. Let’s get started.
Android users – we got you covered! https://adeliarisk.com/10-android-security-settings/
Below are 11 important iPhone security settings – and honestly, you should set aside a few minutes to get this all done. It’s important!
Follow these instructions to set up a strong passcode: https://support.apple.com/en-us/HT204060
In general, the longer and more complex the passcode, the better. Do not use your date of birth, phone number, or ID number. Fingerprint and face ID are fine to use as well.
Good news: you don’t need to worry about setting up encryption on your iPhone or iPad. It’s already turned on by default IF you have set up a passcode.
follow these instructions to set your device to auto-lock as quickly as possible: https://www.iphonelife.com/content/tip-day-how-change-your-iphones-auto-lock-time
Always apply security updates as soon as you are prompted to do so.
If your device is ever lost or stolen, you can use this feature to locate the device. You can even use it to remotely wipe the device, which is very handy if it contains PHI. Follow these instructions to turn it on: https://support.apple.com/en-us/HT205362
Follow these instructions to set up your device to delete all of your data if you get 10 failed password attempts: https://www.iphonelife.com/content/how-to-set-your-iphone-to-erase-all-data-after-10-failed-passcode-attempts
While having a backup is not a requirement for cyber security, you will be very thankful you have a backup if your phone is lost, stolen, or damaged.
Medical practices that need to comply with HIPAA regulations: Look at what Apple backs up from your iPhone: https://support.apple.com/en-us/ht204136
If you are confident that your backup will not contain PHI, then feel free to use iCloud Backup.
If you are not confident, use local iTunes backup, but make sure to turn on encryption: https://support.apple.com/en-us/ht205220
Follow these instructions: https://support.apple.com/en-us/HT204915
While it’s debatable whether these items are required to keep your phone secure, you may want to review them to see whether they’re set appropriately for your business:
If you don't do this, thieves can change the iPhone SIM and put it in another unlocked phone. Once they have your SIM in another phone they can request an SMS code for resetting the password to all your accounts. Follow these instructions to set up a PIN on your SIM card: https://support.apple.com/en-us/HT201529
Accessibility permissions are incredibly powerful and can lead to malware taking action on your behalf, from inside your apps. Regularly review the permissions that each app has been granted and ask yourself if there is a good reason each app has the permissions that it does. Go to Security > Privacy > Location Services.
Profiles can be more dangerous than malware on iOS since they give attackers access to more of the device than just one app, and they are not vetted to the same extent as apps entering the App Store. Follow these instructions to check your configuration profiles and run any that are unknown by your IT provider - https://support.apple.com/guide/iphone/install-or-remove-configuration-profiles-iph6c493b19/ios
The iPhone security settings in this article are important for company and personal devices. Companies should add another layer of protection by utilizing a Mobile Device Management System (MDM). At a minimum, MDM should allow you to enforce passcode usage, and allow you to wipe company data off of a lost/stolen device.
Guiding clients towards the right MDM option and other cybersecurity solutions is part of our Virtual CISO service. We’ll find the gaps and help you strengthen your cybersecurity posture.
Leave a Reply