Encrypted mobile devices

Team members have disk encryption on their phones and tablets? Yes / No

A lost device, when encrypted, cannot lead to any kind of compromise. Even if the device were not to contain sensitive data per se, it could contain active email inboxes and team chats, leading to further account compromise and phishing.

The device should be protected by password and a not-easily guessable pattern or easily foolable fingerprint scanner.

Note

Having any kind of online recovery option for a forgotten device password is unsafe. In the case of a forgotten password, the device should be wiped and factory reset.

Note

Remote wiping tools give almost zero protection in the case of a lost device. It’s trivial to take a mobile device offline and extract data from a powered-down device.

Applies for: Everyone

Links:

• Encrypt your data on Android (Google)
• iOS: Understanding data protection (Apple)
• How To Bypass Android Lock Screen (Übergizmo)
• iPhone 6 Touch ID Fingerprint Scanner Hacked Days After Launch