The popularity of the iPhone combined with the small form factor of the device make it a prime target for thieves, and also make it highly unlikely that a lost iPhone 4 would be returned to its rightful owner. Make sure you set the security settings on your iPhone 4 to protect your sensitive business data and personal information.
The iPhone 4 comes in 16GB and 32GB versions--both significant amounts of memory when it comes to storing sensitive information. E-mails, SMS text message threads, access to Facebook, Twitter, LinkedIn and other social networking apps, or instant messaging clients could all potentially be compromised as a result of a lost or stolen iPhone 4. Depending on the information, the impact could extend beyond exposing personal data and possibly have regulatory compliance consequences as well.
Thankfully, the iPhone 4 does have some security controls in place to help protect your data in the event the smartphone is lost or stolen. However, the security controls only provide value if they are actually enabled and configured. Here are some security features you should be aware of.
• Passcode Lock. Tap on the Settings icon, followed by General to get to the Passcode Lock settings. Tap the button to Turn Passcode On. You will then need to set the passcode. By default, the iPhone will request a four-digit passcode (which must be entered twice for verification).
• Require Passcode. Having a passcode offers little protection if the passcode isn't required. Tap on Require Passcode and choose a timeframe for how long the iPhone 4 can be idle before the passcode will be required to access it. The iPhone 4 offers a range from immediately to one hour. An hour may be too long--giving a thief ample time to access the device before it kicks in--and immediately may be too short--forcing you to log back in every time you pick up the iPhone. Find a balance that works for you and set the Require Passcode timeframe.
• Simple Passcode. As noted above, the iPhone 4 relies on a simple four-digit numeric passcode by default. For better security, turn off the Simple Passcode option. Once the Simple Passcode option is disabled, the iPhone will request a new password which can be significantly longer than four characters, and can be comprised of uppercase and lowercase letters, numbers, and special characters.
• Enable Auto Erase. Swipe to turn on the Erase Data feature. With this feature enabled, all data on the iPhone will be erased after 10 failed passcode attempts. Assuming your iPhone is backed up when syncing with iTunes, recovering the data should not be a major undertaking if you get the device back, but enabling Erase Data will ensure that an unauthorized user can't simply continue guessing at the passcode until they get the right one. It would be nice if Apple also allowed the number of failed attempts to be configured--I would prefer to erase data after five failed attempts--but 10 should be sufficient to prevent all but the luckiest thief from guessing your passcode and gaining entry to the iPhone.
In an enterprise environment, these security settings can be set through Exchange policies or with Configuration Profiles. Apple offers an iPhone Configuration Utility for Windows, as well as one for Mac OS X.
However, many iPhones are used by business professionals in business settings, but aren't provisioned or managed at an enterprise level. In those situations, make sure you explore the security features and follow the advice above to prevent unauthorized access and protect the data on the iPhone.
It is worth noting that the iPhone security controls are not impenetrable, though. A hole was recently discovered allowing an attacker to bypass the passcode security. But, enabling the security features will still provide significantly more protection than not enabling them, and will prevent casual thieves from accessing the device.