Skip to main content

Protect Yourself with CISA's Mobile Device Cybersecurity Checklist

Mobile devices are an integral part of our daily lives. There are an estimated 298 million smartphone users in the U.S., making these devices an attractive target for cybercriminals. To address this growing concern, the Cybersecurity and Infrastructure Security Agency (CISA) has recently released the actionable Mobile Device Cybersecurity Checklist for Consumers.

You can easily implement CISA's guidance and best practices designed to address common cybersecurity challenges and build your capacity to reduce risks. Take these simple steps now to help strengthen your defense against cyber threats.

Keep your apps and devices up to date.

  • Update your platform (e.g., iOS, Android, Chrome OS). Enable automatic operating system updates to enhance your privacy/security and fix flaws.
  • Update your apps. Enable automatic app updates to ensure you are using the most current security technologies.

Use strong authentication.

  • Enable device authentication. Set strong login passwords/PINs and use biometric authentication where available.
  • Enable two-factor authentication for apps or websites that support it.
  • Protect your personal information, connected devices, and university data with Two-Step Login and LastPass secure password management.

Practice good app security.

  • Use curated app stores (e.g., App Store, Google Play). Disable third-party app stores, which can be vectors for the spread of malware.
  • Delete unneeded apps. Periodically review and delete apps that are unused or no longer needed.
  • Minimize PII in all apps. Limit personally identifiable information (PII) stored in your apps wherever possible or unnecessary.
  • Grant least-privilege access to all apps. Set the privileges on your installed apps to minimize access to data or phone settings (e.g., limit access to contacts or microphone).
  • Review location settings. Only allow an app to access your location when it is in use.

Protect your network communications.

  • Avoid public Wi-Fi. Cybercriminals can launch attacks over unsecured public Wi-Fi networks. Use CU VPN if public Wi-Fi is unavoidable.
  • Disable Bluetooth and GPS when not needed. Every connection is a potential point of attack.

Protect your device.

  • Install security software to help protect against malware.
  • Use only trusted chargers and cables and avoid public USB charging ports. A malicious charger can steal your data or load malware onto your smartphone that may circumvent protections and take control of your device. A phone infected with malware can also pose a threat to external systems like your laptop.
  • Enable lost device function. Configure settings to automatically wipe your device’s data after a certain number of incorrect login attempts (e.g., 10) and enable the option to remotely wipe your device.

Beware of phishing attempts.

  • Verify an email’s legitimacy before you open an attachment or link. See more at Spot Fraudulent Emails (Phishing).
  • Do not click on links in email from untrusted sources or your junk/spam folders. If a link leads you to a web page that asks for your username and password, verify that the web address is legitimate.

Was this page helpful?

Your feedback helps improve the site.