Protect a device

Enable encryption

Is the device encrypted? *
  • make sure the device has a screen timeout to lock when not in use, 15 minutes or less
  • ensure the device can only be unlocked using a secure PIN
  • ensure the device has encryption activated
  • Sensitive data and applications are easily accessible from your phone without a PIN and encryption

Install anti-malware

Does this device have anti-malware installed? *
Malware can lead to a data breach

Audit user accounts

Have you audited the accounts on this device? *
  • Confirm that user accounts only exist where required
  • Ensure user accounts have appropriate privileges
Privileged user accounts present a security risk

Limit physical access

Do you ensure that the device cannot be accessed by unauthorised people? *
  • do not leave the device unattended in a location with untrusted people
  • ensure that the device is in a locked location when not in use
It is often easy to bypass the login and access files on an unencrypted device

Protect remote access

Is all remote access to the device protected with a VPN? *
  • Ensure the server is only accessed via a VPN
  • If practical in your situation, configure firewall to only allow connections from trusted IPs
  • Sensitive data can be intercepted if the connection to the server is unencrypted

Use a strong password

Does the device have a strong password? *
  • the device password should meet the guidelines in your security policy
    • use long passwords and passphrases, including spaces and all printable characters
  • check the proposed password at haveibeenpwned.com
  • Re-using passwords across devices or using passwords that can be guessed like family birthdays could allow unauthorised access to the device
  • Weak passwords can be broken using brute-force techniques

Encrypt website traffic

Have you implemented measures to protect data in transit? *
  • enable HTTPS-only mode in your browser
    • you will be asked to confirm visiting websites that don't offer HTTP (approx 25% of sites in 2021)
    • it is generally safe to do so, but you should not enter credentials or access sensitive information on non-HTTPS sites when on a public network
  • avoid public networks
    • particularly for sites that require require you to log in
    • use a VPN or hotspot your phone if you must connect away from your network
  • Credentials can be intercepted if sent on an unencrypted WIFI network
  • Putting your device on a public WIFI network makes it easier for a hacker to attack

Perform and test backups

Do you regularly perform and test backups? *
  • Set up backups:
  • Backups must be protected from ransomware:
    • cloud backups should have the ability to roll back to a previous version OR
    • local backups be stored disconnected from the device and network, preferably off-site
  • Schedule backups:
    • set a recurring reminder to perform backups of this device OR
    • automate the backup
  • Schedule tests:
    • set a recurring reminder to perform backup restoration tests
  • Ransomware can encrypt your files
    • Folders that automatically sync to the cloud will also sync files that locked by ransomware
    • check that the cloud provider will allow you to revert to an unencrypted version before the sync

Enable logging

Is logging enabled on this device? *
  • Enable logging on the device
  • Logging allows investigation into possible data breaches

Encrypt the network

Is this network encrypted with a current algorithm? *
  • Ensure the network is using an acceptable level of encryption (WPA2 or higher)
  • Hackers can eavesdrop on unencrypted WIFI traffic
  • WEP encryption is insufficient and easily broken

Implement failsafes

Is this device protected against power failures? *
  • ensure the device will continue to function during a power outtage
  • Devices should remain usable during power outtages

Prevent unauthorised connections

Do you regularly check for unauthorised devices on the network? *
  • Schedule checks for unauthorised devices
  • Rogue devices on the network may present a security threat

Enable automatic security updates

Does this device have automatic security updates enabled? *
  • enable automatic updates for security patches on the operating system
  • hackers can look up and exploit known vulnerabilities in older versions of software

Enable 'find my device'

Is 'find my device' enabled? *
  • enable 'find my device' functionality
  • conduct a test of device location
  • unencrypted devices being lost or stolen may lead to unauthorised access to sensitive information