GDPR for Psychotherapists - Technical issues; mobile phone security

One in a series

This is one in a series of interconnected blogs about applying the Data Protection Act (2018) and GDPR (2016) laws for psychotherapists in the UK. The blogs are somewhat independent, but it would be best to first read the Overview and Introduction blogs, to orient yourself to the wider context and give background.

No affiliation

I do not get paid, or get any other consideration, and don't have any affiliate arrangements with the organisations, companies or individuals I mention or their products or services. I do use many of the software applications I mention, but receive no discount or anything for mentioning them.

Recommendations for securing your mobile

In general, Android-based mobiles are held to be less secure than iPhones. There is some truth to that, but what Android phones and iPhones have in common is that there are usually a number of things you can do to make them properly secure, and without those measures they provide a very insecure and risky environment. If you take most or all possible measures on an Android phone, and if it has the latest Android version installed as its operating system, you can achieve more or less the same security as with iPhones, but it takes considerably more actions to achieve that.

iPhone

For an iPhone, these are the measures to put in place. They are in no particular order; all are desirable and important:

  • Lock your phone - require a passcode. Utterly essential. Use a strong password (e.g. 10 random characters) or a 6-digit PIN. Finger identification and FaceID remain linked to a passcode.
  • Only install and / or buy apps via the App Store
  • Keep your phone's OS ("iOS") updated as soon as updates come out.
  • In Settings, limit Notifications so that incoming messages are not shown when the screen is locked
  • Under your username and iCloud, enable "Find My iPhone"
  • In Settings > TouchID/FaceID and Passcode, enable the setting that erases all data after 10 failed passcode attempts.
  • Install and use a password manager
  • Never share your password with anyone
  • Back up your phone, and realise that if you back up locally, it should be to an encrypted environment. If you back up to iCloud, be aware, and report in your Privacy statement, that Apple has access to it.
  • Wipe your data securely when you dispose of the phone. Don't leave a SIM or SD card in the phone.

Android phones

For an Android phone, these are the considerations and measures. They are in no particular order; all are desirable and important:

  • Make sure you have a brand that keeps your Android system updated and that makes regular security updates.
  • Lock your phone. Use a strong password (e.g. 10 random characters) or a 6-digit PIN. Finger or face identification is only linked to the passcode, and does not replace it.
  • Never use "smart lock"
  • Use 2FA for your Google account, if you have one.
  • Only install and / or only buy apps via Google Play Store
  • Go to Settings > security > encrypt, and encrypt your phone
  • Use antivirus software e.g. Avast mobile or Norton Mobile. Or one of many others; perhaps the same as on your laptop.
  • Keep your phone's Operating System updated as soon as updates come out.
  • Consider anti-theft apps, e.g. Cerberus (strongest), Play Protect, or at least Find my Device.
  • Consider AppLock for your more sensitive apps - in any case for encrypted messaging such as Signal or Wire.
  • Use Settings > notifications > lock screen > hide sensitive only. Make sure that there are no popups or notifications that show the content of messages (e.g. security numbers) when the phone is locked.
  • Install and use a password manager
  • Never share your password with anyone
  • If you ever hand off your phone, use screen pinning
  • Back up your phone, to a place which is encrypted and / or secure. If you back up to Google, be aware, and report in your Privacy statement, that Google has access to your data
  • Wipe your data securely when you dispose of the phone. Don't leave a SIM or SD card in the phone.
  • If you have an additional SD card in the phone, see if you can encrypt it and use it in encrypted form

https://www.zdnet.com/article/the-ten-best-ways-to-secure-your-android-phone/

https://bdtechtalks.com/2017/11/14/how-to-protect-your-android-phones-sensitive-data/

https://android.gadgethacks.com/how-to/android-security-101-protect-your-data-case-your-phone-gets-stolen-0181081/

https://www.pcauthority.com.au/feature/10-ways-to-harden-the-security-on-your-android-phone-447215