NSA Mobile Device Best Practices - Mobile Security Briefing 2023.091

The National Security Agency (NSA) maintains a list of NSA Cybersecurity Advisories & Guidance and recently released a list of Best Practices For Securing Your Home Network. These are certainly worth taking a look at and for folks worried about downloading a PDF from the NSA, I’ve listed the primary recommendations at the bottom of this blog.

While reviewing the document, though, I noticed a link to their Mobile Device Best Practices and wanted to pass that along as well. While some of the best practices are more geared towards people working in a classified environment, many of them are indeed just best practices. While I understand not wanted to be ever vigilant (or paranoid!), here are a few of the best practices that I regularly follow:

  • Avoid public Wi-Fi. Today, mobile networks are so fast I generally find it easier to just use my device’s network. I also try to tether my laptop with my laptop vs. connecting to public Wi-Fi.
  • I always apply software updates when they are available as many of them patch known (and sometimes actively exploited) security issues.
  • Use biometrics as people can shoulder surf and discover your passcode which can lead to complete digital takeover.
  • Generally avoid clicking on links in text messages as this is a common vector for identify theft and more.
  • Only charge your device with a charge cord you own and preferable plug into a power outlet (vs into a device you don’t trust)

Best Practices For Securing Your Home Network

Here’s a summary of the recommendations but really, it’s OK to download their PDF and check of the full recommendations and the rationale behind them! :-)

Recommendations for device security

  • Upgrade to a modern operating system and keep it up-to-date
  • Secure routing devices and keep them up-to-date
  • Implement WPA3 or WPA2 on the wireless network
  • Implement wireless network segmentation
  • Employ firewall capabilities
  • Leverage security software
  • Protect passwords
  • Limit use of the administrator account
  • Safeguard against eavesdropping
  • Exercise secure user habits
  • Limit administration to the internal network only
  • Schedule frequent device reboots
  • Ensure confidentiality during telework

Recommendations for online behavior

  • Follow email best practices
  • Upgrade to a modern browser and keep it up-to-date
  • Take precautions on social networking sites
  • Authentication safeguards
  • Exercise caution when accessing public hotspots
  • Do not exchange home and work content
  • Use separate devices for different activities