Android security: 7 tips and tricks to secure you and your workforce [updated 2021]

June 22, 2021 by Dan Virgillito

Concerned about Android security in your workplace? You should be. Cybercriminals target Android phones more often due to their various entry points. For instance, in December last year, security firm Check Point discovered a vulnerability in thousands of Android apps that allows hackers to steal users’ credentials and financial data. Besides, adversaries can leverage browser vulnerabilities, untrusted APKs and other rogue endpoints to access data on Android phones.

One good thing about Android is that the operating system is open-source, which means you can make your device as airtight or as secure as you deem fit. With that in mind, here are some Android phone security tips you can implement to improve your device’s defenses and enhance security throughout your company.

7 Android security tips for 2021 

1. Let Android look for threats

Did you know that Android can monitor a device for suspicious activity or harmful code? You can instruct it to monitor yours by going to Android security settings, tapping the line called “Google Play Protect,” and ensuring that the option of “Scan device for security threats” is checked. Make it a policy so that everyone in your company has this option enabled. 

2. Be wary of permission requests

Android gives you the option to separate work apps from third-party apps by setting up a work profile, but don’t take this as a license to sleep on third-party app security. Make sure they’re not accessing data beyond what they need. Some red flags include permission requests for accessing your contacts, GPS and external storage. Have employees revisit their app permissions by opening up “App & Notifications” in system settings, then tapping “Advanced” > “Permissions manager” or “App Permissions.”
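For an admin reviewing many devices, the same check can be scripted. The following is an added example, not part of the original article: it parses text in the layout printed by `adb shell dumpsys package` and lists apps that hold a granted permission in one of the red-flag categories above. The package names, the sample output and the allowlist are constructed for illustration.

```python
import re

# Permissions behind the red flags named above: contacts, GPS, external storage.
RED_FLAGS = {
    "android.permission.READ_CONTACTS": "contacts",
    "android.permission.ACCESS_FINE_LOCATION": "location",
    "android.permission.ACCESS_COARSE_LOCATION": "location",
    "android.permission.ACCESS_BACKGROUND_LOCATION": "location",
    "android.permission.READ_EXTERNAL_STORAGE": "storage",
    "android.permission.WRITE_EXTERNAL_STORAGE": "storage",
}

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
PERM_RE = re.compile(r"^\s*([\w.]+): granted=(true|false)")

def audit(dumpsys_text, allowlist=()):
    """Return {package: sorted red-flag categories actually granted}."""
    findings = {}
    pkg = None
    for line in dumpsys_text.splitlines():
        m = PKG_RE.match(line)
        if m:
            pkg = m.group(1)
            continue
        # Only "name: granted=..." lines count; bare "requested" entries do not.
        m = PERM_RE.match(line)
        if m and pkg and pkg not in allowlist:
            perm, granted = m.groups()
            if granted == "true" and perm in RED_FLAGS:
                findings.setdefault(pkg, set()).add(RED_FLAGS[perm])
    return {p: sorted(c) for p, c in findings.items()}

# Constructed sample in the layout of `adb shell dumpsys package` output.
SAMPLE = """\
Package [com.example.flashlight] (1a2b3c):
  requested permissions:
    android.permission.READ_CONTACTS
    android.permission.ACCESS_FINE_LOCATION
  runtime permissions:
    android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
    android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET ]
    android.permission.CAMERA: granted=true, flags=[ USER_SET ]
Package [com.example.notes] (4d5e6f):
  runtime permissions:
    android.permission.READ_EXTERNAL_STORAGE: granted=false, flags=[ USER_SET ]
Package [com.example.maps] (7a8b9c):
  runtime permissions:
    android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET ]
"""

if __name__ == "__main__":
    print(audit(SAMPLE, allowlist={"com.example.maps"}))
```

Apps with a legitimate need (a maps app using location) go in the allowlist so the report only shows grants worth a second look.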

3. Enable find my device

Like Apple, Google offers a find my device feature for Android handsets. Activating it can help you pinpoint the location of your gadget when it’s out of sight. Although you might not be able to get your phone back if it’s stolen, you’ll quickly learn that it’s not within company premises, after which you can remotely lock or wipe the handset from the find my phone dashboard. To activate this option, go to Android security settings, choose “Security” > “Find My Device,” and activate the toggle on top of the section. 

4. Look into Google’s advanced protection program

Google recommends this program for any Android user who’s at an elevated risk of cyberattacks. Examples include IT admins, business leaders and anyone else storing sensitive information on their handsets. Advanced protection safeguards your device by requiring security keys to sign in to access your Google data, conducting extra checks on downloads and only allowing apps from verified stores. Enrollment requires users to purchase two security keys and register them to their Google account. Although it’s unrealistic to buy these for everyone, you can consider investing in them to help protect the devices of your high-level employees. Keys are available from Google itself and YubiKey.

5. Use safe browsers

Android’s default browser, Google Chrome, can be the gateway to security threats. Since it stores a lot of sensitive information (including user passwords), it’s an attractive endpoint for hackers. The smallest of vulnerabilities in Chrome could see you part ways with precious company information. To ensure your data remains safe while you and your staff work on different tasks, consider having everyone use a safer browser like Brave or Firefox Focus. Such browsers delete all traces of history as soon as you close them. Plus, they block third-party scripts, ads and trackers to help keep your information protected. 

6. Consider a VPN

If any of your employees are working remotely, they’ll likely connect their phone to an unsecured Wi-Fi network at some point. If a hacker is present on a network, they’ll be able to intercept all the sensitive information the worker transmits over the network. Fortunately, you can use a virtual private network (VPN) to stop adversaries in their tracks. VPN technology encrypts all the outgoing and incoming data over a network so that no one can intercept it at a network level. In simpler terms, it makes you anonymous online. Various companies offer user-friendly VPN apps at affordable prices, so you can get some and share the credentials with your remote team.

7. Invest in Android Enterprise Essentials

Android Enterprise Essentials is a device management service from Google. It offers key security features like screen lock enforcement and always-on malware protection to keep devices protected. The features are already present on devices available from eligible resellers and can’t be deactivated by your employees. You can visit android.com/enterprise/essentials to see a list of available resellers. As the devices come protected, out of the box, employees don’t need to configure any settings on their end. According to Google, Enterprise Essentials is designed for companies with smaller budgets, so it can be an ideal Android security solution for SMBs.

Secure your team’s Android devices 

Because of their vulnerabilities, popularity and potential payoff, Android devices have long been a prime target for cybercriminals. Although Android has seen vast improvements over security issues in the past few releases, there’s always something a user could do to strengthen its defenses further. Hopefully, the above Android security tips will help improve device security for every Android user in your company.

 


Dan Virgillito is a blogger and content strategist with experience in cyber security, social media and tech news.