iOS, iPhone & iPad Device Hardening Guideline

As organizations increasingly relies on iPhones and iPads for mobile communication and productivity, it is essential that Information Security establish proper security and privacy guidelines to safeguard company and personal data. This document serves as a hardening guideline for the safe and secure use of the iOS operating system running on iPhones and iPads from a cybersecurity and privacy perspective.

1. Device Configuration:
   • Enable a strong passcode: Set a complex passcode consisting of at least 8-12 alphanumeric characters. Avoid common patterns or easily guessable passcodes. To set a strong passcode, go to Settings > Face ID & Passcode > Change Passcode.
   • Enable biometrics: Turn on Face ID or Touch ID as an additional security measure. This can be done in Settings > Face ID & Passcode or Settings > Touch ID & Passcode.
   • Enable auto-lock: Configure the device to auto-lock after a short period of inactivity (30 seconds to 1 minute). This can be done in Settings > Display & Brightness > Auto-Lock.
2. Data Protection:
   • Enable device encryption: Ensure encryption is enabled by default. This can be verified in Settings > Face ID & Passcode (or Touch ID & Passcode) > Data Protection is enabled.
   • Enable iCloud backup encryption: Enable encrypted backups by selecting “Encrypt [device] backup” in iTunes or Finder when connecting the device to a computer.
   • Use secure communication apps: Use company-approved secure messaging and calling apps that feature end-to-end encryption.
3. Network Security:
   • Disable automatic Wi-Fi connections: Turn off “Ask to Join Networks” and “Auto-Join” options in Settings > Wi-Fi.
   • Use VPN: Connect to the company’s VPN when accessing sensitive data or company resources. This will encrypt your network traffic and protect your data from eavesdropping.
4. Application Management:
   • Install apps from trusted sources: Only download apps from the official App Store, and avoid sideloading apps from unverified sources.
   • Regularly update apps: Keep all apps up to date to ensure you have the latest security patches. Enable automatic updates in Settings > App Store > App Updates.
   • Review app permissions: Check and manage permissions for apps, ensuring they have only the necessary access to your data. This can be done in Settings > Privacy.
5. Device Maintenance:
   • Keep iOS updated: Regularly update your device to the latest iOS version to ensure you have the most up-to-date security features. Enable automatic updates in Settings > General > Software Update.
   • Monitor battery health: A failing battery can compromise device performance and security. Monitor your battery health in Settings > Battery > Battery Health.
6. Incident Response:
   • Enable remote wipe: In case your device is lost or stolen, enable the “Find My” app to remotely lock and erase your device. This can be done in Settings > [Your Name] > Find My > Find My [device].
   • Report security incidents: If you suspect a security breach or compromise, immediately report it to the Information Security Team.

By following these guidelines, we can ensure the security and privacy of our company’s data and resources on our iPhones. If you have any questions or concerns, please do not hesitate to reach out to the Information Security Team for assistance.