Kenneth van Wyk: Shutting down security gotchas in iOS 6
What to do if you have data on your iPhone or other iOS device that you want to protect
Computerworld - I and many of my fellow iOS users spent some time last week upgrading our iPhones, iPads and/or iPod Touches. If you are among those people, or even if you're one of the cautious souls who decided to wait before downloading iOS 6, you probably want to know what security gotchas await and what you can do to keep from getting burned.
First off -- and admittedly this is true of all iOS devices, not just those upgraded to iOS 6 -- the single most important thing you as a consumer can do to protect your data on your iOS device is to use a strong passcode. (Go to Settings --> General --> Passcode Lock, then "Turn Passcode On" and turn OFF the "Simple Password" toggle.)
While you're on that Passcode Lock screen, you might also want to tweak the Require Passcode setting by selecting a brief period of time before the device locks itself. "Brief" can be as short as "immediate." The downside is that you have to enter your passcode every time you let your device rest a bit. It's a trade-off between convenience and security. I suggest going with as short a time period as you can stand. Start short, then turn it up a bit if it really annoys you.
Why does this matter? Why isn't a four-digit PIN adequate? Because a lost or stolen device with a weak passcode puts all the data stored on the device at risk, as well as anything on iCloud or other network services you use.
And the passcode isn't just for locking and unlocking the device. It is used as part of the encryption key for data on the device (such as your email and app data that has "full protection"). If you use a simple PIN, an attacker won't have a hard time breaking that encryption and getting to your most sensitive stuff.
Of course, using a real passcode can be massively annoying. I use passcodes on my own iOS devices, and I'm not going to pretend it's never annoying. But that annoyance is nothing compared to the pain of having your data compromised. If the data on your device matters to you, there is no better single thing you can do as a consumer to protect it (other than not having the data on the device in the first place).
I also recommend turning off access to Siri and Passbook when your device is locked. This will prevent an attacker from getting into a lot of your data; if Siri can be accessed from a locked device, then an attacker could just say, "Siri, what appointments do I have today?" for example. I write more about Passbook below, but if you're using it for anything important (such as payments or boarding passes), this setting will prevent an attacker from getting access to that data when the device is locked. Note that these are not the default settings, so you need to change them if you want to lock attackers out in this way. (Both of these things can be done on the Passcode Lock screen of General Settings.)
More by Kenneth van Wyk
- Kenneth van Wyk: Apple's big fail
- Kenneth van Wyk: After Snowden
- Kenneth van Wyk: Target breach underscores how backward U.S. payment tech is
- Kenneth van Wyk: Enjoy your trip, but protect the data you take with you
- Kenneth van Wyk: Lingering faults with security by default
- Kenneth van Wyk: High hopes for iPhone's Touch ID
- Kenneth van Wyk: Why mobile apps beat Web apps for privacy
- Bug bounties: Bad dog! Have a treat!
- How to avoid Big Brother's gaze
- The true root causes of software security failures
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- Survey Report: Mobile Content Security and Productivity Read this report to learn how important mobile access is to users, how likely they are to by-pass authorized systems, how compliant current...
- Enterprise Mobility Management: A Data Security Checklist This document presents a checklist of features organizations should review when evaluating a data security solution as part of an enterprise mobility management...
- BYOD File Sharing - Go Private Cloud to Mitigate Data Risks Read this whitepaper to learn the security risks associated with not having an IT endorsed file sharing solution, and why your organization should...
- Mobile Device Management Buyers Guide Mobile device management (MDM) solutions allow IT organizations to centrally manage, monitor and support mobile devices. In this guide, you'll learn what you...
- Meg Whitman presents Unlocking IT with Big Data During this Web Event you will hear Meg Whitman, President and CEO, HP discuss HAVEn - the #1 Big Data platform, as well...
- The New Way to Work Knowledge Vault This Knowledge Vault focuses on how, in today's increasingly virtual world, it's more important than ever to engage deeply with employees, suppliers, partners,... All Mobile Security White Papers | Webcasts