HR Jetpack

Best Practices


Lesson Content

In this section I’m going to cover a baseline of security steps you should take on your computers, smartphones, and tablets. At times the terminology may seem unique to one platform or another, but the principles are mostly universal.

Rule number one is that the lock screen should lock down your device. It may sound silly, but many people seem to have lost sight of just why you have a lock screen on your device in the first place. Lock screens come in different flavors and with different features, but generally the lock screen is the device’s version of a login screen. It is meant to prevent anyone other than you from unlocking your device. Someone who picks up your phone on a park bench shouldn’t just be able to swipe and get in, and the same goes for someone who sits down at your workstation and just presses Enter to bypass the login step.

With that in mind, here are some common lock screen protection options ranked from best to worst. First is the fingerprint. This is the best example of combining a low likelihood of being compromised with ease of entry. A fingerprint scan takes less time to enter than a password or a PIN, while being a highly complex unique identifier.

Next is the password. It is typically longer and more complex than a PIN. The downside is that because it is the most complex, it takes the longest to enter. Memory is also a problem, and you cannot access a password manager from the lock screen of a device.

The password is followed by the PIN. It is probably the most popular method, and for good reason. A 4- or 6-digit PIN is pretty easy for most people to remember and doesn’t take long to enter. It is also reasonably unlikely to be guessed.

A low-tier option is the pattern unlock offered on many touchscreen devices. It is simple enough to connect the dots with your finger; however, it can be fairly easy to crack. There are also just fewer variables than with most other protection methods.

A final option is one you should never use: face detection or facial recognition. To say it is flawed is an understatement. This method can be fooled by using a photograph of you. It can also incorrectly identify someone who looks similar to you, such as a family member, or just otherwise fail to recognize that it is someone other than you. Facial recognition is not a reliable way of protecting a device and should be avoided.

Choose the solution which best fits the way you use your device. The goal is to find the balance between convenience and security. If the method is too much of a hassle, you will end up turning it off. A good solution is one that works for you without you ever having to think about it.

Rule number 2 is to keep the device up to date. Updating was one of my global principles because it is just vital to run the latest, most secure version. Many people postpone the updates, especially on mobile devices, because they can be time-consuming and a hassle. The downloads are large and sometimes require you to make space on the device. It is worth the time and effort because those updates are packed with security enhancements. Look for notifications about Android or iOS and make sure to upgrade as soon as possible.

Rule number 3 is to remove unused apps. On any computer, it is a good idea to keep only the applications you are going to use. Unused apps aren’t just taking up space; on smartphones they typically also have permissions to access your data. Some apps can back up photos, access your contacts, or track your location. These permissions are unfortunately the cost of doing business when it comes to smartphone ownership; however, you should take whatever steps you can to limit just how many apps are using your private information. The fewer, the better.

Rule number 4 is to turn on “Find My Phone” or “Find My Device” tools. If your device goes missing, you need to be able to locate it remotely and then be able to wipe the device if necessary to protect your private data. Apple has “Find My iPhone”, on Google’s Android devices the feature is called “Android Device Manager”, and Microsoft also has a device locator. Make sure these services are set up and that you understand how to use them before you ever have to. You can test them at any time without causing any harm.

Rule number 5 is to turn off any unused radios. Bluetooth, Near Field Communication, known as NFC, and WiFi should all be turned off unless you are connecting them to something. An open, unconnected radio is an invitation to an attacker, especially in public places like coffee shops, parks, and airports. This will save your battery while protecting you from being unnecessarily vulnerable.

Rule number 6 is don’t use public hotspots. The WiFi at a hotel, coffee shop, or public library isn’t the same as what you’ve got at home and the risks are dramatically different. Public WiFi often has poor security in order to make it easy for guests to access. These locations are desirable for attackers because they can often find ways to watch the traffic across the network and see personal data. Some WiFi hotspots aren’t controlled by the venue at all, and are put up by attackers for the sole purpose of capturing traffic.

As you can see, there are lots of simple things you can do to drastically reduce your risk profile. Staying safe online and on internet-connected devices is about minimizing risk and taking reasonable precautions. “Zero trust” is a phrase that is used a lot in cybersecurity, and although it sounds cynical, it is good advice. Start from that place of zero trust: don’t trust other people around your devices, don’t trust app developers, and don’t trust the networks you connect to. Healthy skepticism is the best way to stay safe until the tech industry at large is able to better secure internet traffic.

Michael Wilson


Michael Wilson works with small businesses to build and protect their brands online. He is an IT Generalist whose primary services include: Web Design & Development, Cybersecurity Consulting & Training,...
