Smartphones and tablets now carry as much sensitive corporate data as laptops — email, documents, authentication tokens, VPN credentials, and access to cloud applications. Their small size makes them far easier to lose or steal than laptops, yet many organisations apply weaker security controls to mobile devices than to traditional endpoints. Executives must ensure that mobile device physical security receives the same attention as laptop security.
Key Physical Risks
- Loss and theft. Mobile devices are lost at dramatically higher rates than laptops. Restaurants, taxis, airports, and gyms are the most common loss locations. Each lost device is a potential breach.
- Shoulder surfing. Small screens used in public spaces are easily observed. Sensitive emails, passwords, and MFA codes can be captured by an attacker standing nearby.
- Unattended devices. A device left unlocked on a desk or table for even 60 seconds can be accessed by an opportunistic attacker to install malware, read messages, or exfiltrate data.
- Charging station attacks. Public USB charging stations can be modified to extract data or install malware — a technique known as “juice jacking.”
Protection Controls
- Strong lock screen. Enforce biometric authentication (fingerprint or face) plus a minimum 6-digit PIN. Configure devices to lock automatically after 30 seconds of inactivity.
- MDM enrolment. Require all devices accessing corporate data to be enrolled in a Mobile Device Management solution that can enforce encryption, monitor compliance, and execute remote wipe.
- Containerisation. Separate corporate data from personal data using work profiles or containers, ensuring that corporate data can be wiped independently of personal content.
- Privacy screens. Provide privacy screen protectors for employees who frequently handle sensitive information in public spaces.
- Charge-only cables. Issue data-blocking USB cables or portable battery packs to eliminate juice-jacking risk when travelling.
Action Steps:
- Confirm that all mobile devices accessing corporate data are enrolled in your MDM solution.
- Enforce automatic screen lock after 30 seconds of inactivity across all managed devices.
- Issue data-blocking USB cables or portable chargers to employees who travel frequently.
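One way to verify the first two action steps against an MDM inventory export, as an added example that is not part of the original page or any MDM vendor's tooling. The device records and their field names are constructed for illustration; map them onto whatever your MDM actually exports.

```python
"""Audit a mobile device inventory against the physical-security controls above.

Added example: the record format (dicts with the hypothetical field names used in
SAMPLE_DEVICES) is an assumption, not a real MDM export schema.
"""

MAX_LOCK_SECONDS = 30   # auto-lock threshold stated in the controls
MIN_PIN_DIGITS = 6      # minimum PIN length stated in the controls

# Constructed sample inventory (not real devices); field names are hypothetical.
SAMPLE_DEVICES = [
    {"id": "phone-001", "corporate_access": True, "mdm_enrolled": True, "lock_timeout_s": 30,
     "pin_length": 6, "biometric": True, "encrypted": True, "work_profile": True},
    {"id": "phone-002", "corporate_access": True, "mdm_enrolled": False, "lock_timeout_s": 300,
     "pin_length": 4, "biometric": False, "encrypted": False, "work_profile": False},
    {"id": "tablet-003", "corporate_access": True, "mdm_enrolled": True, "lock_timeout_s": 120,
     "pin_length": 6, "biometric": True, "encrypted": True, "work_profile": False},
    {"id": "phone-004", "corporate_access": False, "mdm_enrolled": False, "lock_timeout_s": 600,
     "pin_length": 0, "biometric": False, "encrypted": False, "work_profile": False},
]


def audit_device(dev):
    """Return the list of control failures for one device record (empty if compliant)."""
    if not dev.get("corporate_access"):
        return []  # devices that hold no corporate data are out of scope for these controls
    failures = []
    if not dev.get("mdm_enrolled"):
        failures.append("not enrolled in MDM")  # nothing below can be enforced or remote-wiped
    if dev.get("lock_timeout_s", 10**9) > MAX_LOCK_SECONDS:
        failures.append(f"auto-lock {dev['lock_timeout_s']}s exceeds {MAX_LOCK_SECONDS}s")
    if dev.get("pin_length", 0) < MIN_PIN_DIGITS:
        failures.append(f"PIN shorter than {MIN_PIN_DIGITS} digits")
    if not dev.get("biometric"):
        failures.append("biometric unlock not enabled")
    if not dev.get("encrypted"):
        failures.append("storage not encrypted")
    if not dev.get("work_profile"):
        failures.append("no work profile/container for corporate data")
    return failures


def audit_inventory(devices):
    """Map device id -> failures for every in-scope device that fails at least one control."""
    return {d["id"]: f for d in devices if (f := audit_device(d))}


if __name__ == "__main__":
    for dev_id, failures in audit_inventory(SAMPLE_DEVICES).items():
        print(dev_id)
        for failure in failures:
            print("  -", failure)
```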
Quick Knowledge Check
- What is juice jacking and how is it prevented?
Juice jacking is an attack where a modified public USB charging station extracts data or installs malware on a connected device. It is prevented by using data-blocking USB cables or portable battery packs instead of public charging stations.
- Why is containerisation important for mobile device security?
Containerisation separates corporate data from personal data, allowing the organisation to remotely wipe corporate data from a lost device without affecting the employee’s personal content.