
Smartphone & BYOD

Your phone is the invisible office door - with authenticator apps, MFA codes, and saved contacts. Here is the maintenance checklist.

Why the smartphone is special

Your phone runs authenticator apps, work email, cloud storage, contacts, GPS history. If the phone is compromised, it is not one device that falls but many accounts at once. Three areas decide your phone security: locking behavior, app hygiene, and the plan for loss.

01 - Lock + biometrics

PIN with 6+ digits plus FaceID/fingerprint. Auto-lock after 30 seconds. Never put it down unlocked.

02 - Apps from official stores

Apple App Store, Google Play, occasionally F-Droid - nowhere else. APKs from the web are 80 % malware.

03 - Enable lost-device mode

Test Apple 'Find My' or Google 'Find My Device' before travel. When loss happens, you must be able to lock and wipe instantly.

Lock and biometrics - the basics

  • PIN/code: At least 6 digits, no birthday, no obvious sequence like 123456.
  • Biometrics: FaceID or fingerprint in addition. Convenient and secure.
  • Auto-lock: 30 seconds of inactivity. At a café, that's a quick bathroom break.
  • Lock-screen content: Turn off mail and message previews on the lock screen. Don't show MFA codes in the lock screen.

Whoever gets your unlocked phone can reset many accounts - "forgot password" → SMS code → arrives on the unlocked phone.

App hygiene

  • Check the source: Apple App Store, Google Play - that's it. No APKs from forums or links in emails.
  • Check permissions: A flashlight app that asks for contacts and microphone is malware. Periodically review and revoke in settings.
  • Delete apps you don't use: fewer apps = smaller attack surface.
  • Allow updates: auto-update for apps and OS. Delayed updates are vulnerabilities.

BYOD - when private and work share one device

Many companies allow BYOD (Bring Your Own Device) - usually paired with an MDM (Mobile Device Management) solution. What MDM does:

  • Isolates work apps in a protected area (container, "work profile").
  • Controls data exchange between private and work zones.
  • On loss, wipes the work zone selectively without touching family photos.

If your employer uses MDM: please trust it. This is mutual protection - not surveillance of your private messages.

Loss - the first 10 minutes

  1. Locate immediately via Apple "Find My" or Google "Find My Device".
  2. Lock through the same function.
  3. Notify IT - they can wipe corporate data from their side.
  4. Re-issue MFA codes for important accounts (backup codes from the safe).
  5. Rotate passwords for any account active on the phone.

Real case - SIM swap after loss

A manager loses his phone at the airport and notices only hours later. The finder calls the carrier, passes the identity check with a few publicly available data points, and has a replacement SIM activated. From then on every SMS-based MFA code lands with the attacker. Within two hours the email account is taken over and the personal bank account emptied.

Lost-mode in the first minutes and replacing SMS-MFA with authenticator apps - either would have prevented the damage.

The three reflexes

  1. Never hand over the phone while unlocked.
  2. Apps from official stores only, updates automatic.
  3. Lost-mode set up in advance - loss is a question of "when", not "if".
