Mobile phone security: 10 best practices from CERT-FR
- Julien ROBERT
- 5 days ago
Mobile phones have become indispensable tools, both in our personal and professional lives. Emails, instant messaging, access to business tools, sensitive documents… our smartphones now hold a large portion of our data.
However, they often remain under-protected, even though they are a prime target for cyberattacks: phishing, espionage, data theft, compromise of professional access, etc.
Faced with this situation, CERT-FR (the French government's computer attack monitoring, alert and response center), attached to ANSSI, recently published an official note listing 10 essential best practices for securing the use of mobile phones.
It is a valuable publication that has so far received little publicity, which is why we have chosen to highlight it.
Why mobile security has become a major issue
Today, a mobile phone can contain:
professional emails,
access to business applications,
passwords,
customer data,
even strategic information for a company.
The line between personal and professional use is becoming increasingly blurred, particularly in very small businesses and SMEs. If a smartphone is compromised, the consequences can be severe: data leaks, identity theft, unauthorized access to information systems, or even business interruption.
This is why mobile security must be considered a full-fledged pillar of cybersecurity, just like workstations or servers.
An official recommendation from CERT-FR / ANSSI
The document published by CERT-FR is entitled:
📄 “Best practices for using mobile phones”
👉 Link to the official document: 🔗 https://www.cert.ssi.gouv.fr/uploads/CERTFR-2025-DUR-002.pdf
This guide is intended for:
individuals,
professionals,
and organizations wishing to reduce the risks associated with smartphone use.
10 best practices for securing your mobile phone
1. Update your phone regularly
Always install system and application updates. They patch security vulnerabilities actively exploited by attackers.
2. Activate advanced security features
When the system allows it (e.g., enhanced protection modes), activate the hardening mechanisms offered by the manufacturer.
3. Avoid uncontrolled connections
Do not connect your phone to unknown chargers, computers or accessories, and beware of unsecured public Wi-Fi networks.
4. Remove unnecessary applications
The fewer applications you have installed, the smaller your attack surface. Uninstall those you no longer use and limit the permissions granted to them.
5. Separate personal and professional uses
Avoid using the same phone for sensitive professional and personal uses, or implement separation solutions (profiles, MDM, etc.).
6. Turn off the phone when it is not in use
A switched-off phone cannot be listened to or compromised remotely. This practice is recommended when the phone is left unattended.
7. Do not keep your phone with you during sensitive conversations
During confidential meetings or discussions, it is advisable to leave phones outside to avoid any risk of interception.
8. Use secure messaging services
For sensitive communications, opt for end-to-end encrypted messaging applications rather than traditional SMS.
9. Be wary of suspicious messages
Phishing, fraudulent SMS, urgent messages… Always check the origin of communications before clicking on a link or forwarding information.
10. Protect access to the phone
Use a strong lock code, biometric authentication, and disable automatic access to sensitive functions.
Personal phone and professional use: an underestimated risk
In many companies, personal phones are used for:
checking work emails,
accessing internal tools,
communicating with clients or partners.
Without clear rules or appropriate security measures, these practices directly expose the company to risks of data leaks and targeted attacks.
Raising user awareness and implementing good practices are therefore essential.
Going further in mobile cybersecurity
These recommendations form an essential basis, but they must be part of a comprehensive cybersecurity approach:
audit of uses and risks,
raising employee awareness,
securing access,
supporting businesses in the face of current threats.
Our team assists organizations in implementing appropriate cybersecurity strategies, including mobile device security.
👉 Feel free to contact us for more information.
Source: CERT-FR / ANSSI – https://www.cert.ssi.gouv.fr


