Coming Soon
Expected availability announced soon
This course is in active development. Preview the scope below and create a free account to be notified the moment it goes live.
Security Awareness
SA Mobile Device Security
The course teaches employees how to recognize mobile security risks, follow BYOD and device‑management policies, and apply safe practices for network connectivity, app permissions, and lost‑device response.
Who Should Take This
All staff who use smartphones, tablets, or laptops for work—whether in the office, on the road, or traveling abroad—benefit from this awareness training. It is intended for non‑technical employees who need practical guidance to protect corporate data and comply with security policies.
What's Included in AccelaStudy® AI
Adaptive Knowledge Graph
Practice Questions
Lesson Modules
Console Simulator Labs
Exam Tips & Strategy
20 Activity Formats
Course Outline
79 learning goals
1. BYOD and Device Management Policies (2 topics)
BYOD policy fundamentals
- Recognize the difference between company-owned, BYOD, and COPE device models and identify which policy applies to your device.
- Describe the security responsibilities employees accept when enrolling a personal device in a BYOD program, including data separation and compliance requirements.
- Identify which types of corporate data may and may not be stored on personal devices according to typical BYOD acceptable use policies.
- Explain the purpose of containerization on BYOD devices and how work profiles keep corporate data separate from personal data.
- Describe what happens to corporate data on a personal device when an employee leaves the organization, including selective wipe and deprovisioning procedures.
MDM and device enrollment
- Recognize what a Mobile Device Management (MDM) solution does and why the organization requires device enrollment before accessing corporate resources.
- Describe the types of controls MDM can enforce on enrolled devices, including password policies, encryption requirements, and remote wipe capabilities.
- Explain why keeping your device OS and MDM profile up to date is necessary for continued access to corporate email and applications.
- Identify what personal data MDM can and cannot see on your device and describe the privacy boundaries of corporate device management.
- Analyze a scenario where an employee's device falls out of MDM compliance and determine the correct steps to restore access to corporate resources.
2. Network Threats and Secure Connectivity (4 topics)
Public Wi-Fi risks
- Recognize the security risks of connecting to public Wi-Fi networks in hotels, airports, coffee shops, and conference venues.
- Identify signs of rogue or evil twin Wi-Fi access points designed to intercept corporate credentials and sensitive data.
- Explain how man-in-the-middle attacks on public Wi-Fi can capture login credentials, emails, and file transfers even on seemingly legitimate networks.
- Describe the risks of captive portal Wi-Fi networks that require entering credentials on an unencrypted page before any security protection can be established.
- Analyze a travel scenario to determine which network connection options (hotel Wi-Fi, mobile hotspot, VPN) provide adequate protection for accessing corporate systems.
VPN and secure connections
- Describe the purpose of a corporate VPN on mobile devices and how it creates an encrypted tunnel to protect data on untrusted networks.
- Recognize when the corporate VPN should be activated, including before accessing email, internal portals, or file shares from outside the office network.
- Explain the risks of split tunneling and why routing all traffic through the VPN provides stronger protection when handling sensitive corporate data.
- Describe how to verify your VPN connection is active by checking the VPN icon, testing internal resource access, and recognizing disconnection indicators.
Bluetooth and wireless threats
- Recognize the security risks of leaving Bluetooth discoverable in public places, including bluejacking, bluesnarfing, and unauthorized pairing attempts.
- Describe safe Bluetooth practices including disabling discoverability, removing unused pairings, and verifying pairing codes before accepting connections.
- Identify the risks of NFC-based attacks such as unauthorized data transfer and relay attacks when using contactless features in crowded environments.
- Explain why disabling Wi-Fi, Bluetooth, and NFC when not actively in use reduces the attack surface of your mobile device.
Mobile hotspot and tethering
- Recognize when using a personal mobile hotspot is more secure than connecting to public Wi-Fi for corporate work.
- Describe how to configure a secure mobile hotspot with WPA3 encryption and a strong password to prevent unauthorized connections.
3. Lost and Stolen Device Response (2 topics)
Prevention and physical security
- Recognize the importance of strong screen lock methods, including PIN, biometric, and complex passcode, and why swipe-only locks are insufficient for devices with corporate data.
- Describe how device encryption protects corporate data if a device is lost or stolen, even when the attacker has physical access to the hardware.
- Identify physical security practices for mobile devices during travel, including hotel safes, keeping devices in sight, and avoiding leaving devices in vehicles.
- Explain the benefits of enabling Find My Device features on both iOS and Android for locating, locking, and erasing lost devices.
- Describe why automatic screen lock timeouts should be set to short intervals (1-2 minutes) on devices that access corporate data.
Incident response for device loss
- List the immediate steps to take when a mobile device containing corporate data is lost or stolen, including contacting IT security and initiating remote lock.
- Explain the difference between remote lock and remote wipe and describe when each is appropriate based on the likelihood of device recovery.
- Analyze a device loss scenario to determine the correct reporting timeline, identify what corporate data may be at risk, and recommend appropriate response actions.
- Describe the information you should provide when reporting a lost device, including device type, last known location, data stored, and encryption status.
- Recognize that changing passwords for all corporate accounts accessed from a lost device is a critical immediate action to prevent unauthorized access.
4. App Security and Permissions (3 topics)
Safe app installation
- Recognize the difference between official app stores (Apple App Store, Google Play) and third-party sources and why sideloading apps bypasses security review.
- Identify warning signs of malicious apps, including excessive permission requests, low download counts, poor reviews, and developer names mimicking legitimate companies.
- Explain why the organization restricts app installation to approved stores and how unapproved apps can introduce malware, data leakage, or compliance violations.
- Describe the risks of installing apps from links received via email, SMS, or messaging apps rather than searching for them directly in the official app store.
- Recognize the danger of jailbreaking or rooting mobile devices and how it disables built-in security controls and may violate corporate device policies.
App permissions and data access
- Recognize common app permission categories (camera, microphone, contacts, location, storage) and identify when a permission request is disproportionate to the app's function.
- Explain how granting excessive permissions to apps can lead to unauthorized access to corporate contacts, calendar data, emails, and location information.
- Describe how to review and revoke app permissions on iOS and Android devices and why periodic permission audits reduce data exposure.
- Analyze an app permission request scenario to determine whether the requested access is justified by the app's stated purpose and recommend accept or deny.
- Identify the difference between granting permissions 'always', 'while using the app', and 'never' and explain why location and microphone access should use the most restrictive setting.
App updates and maintenance
- Recognize why timely app and OS updates are critical for closing security vulnerabilities that attackers actively exploit on mobile devices.
- Describe the risks of running outdated apps or operating systems, including unpatched vulnerabilities, compatibility issues with corporate security tools, and loss of access.
- Explain why enabling automatic updates for both the OS and apps ensures security patches are applied promptly without requiring manual intervention.
5. Mobile Threats and Social Engineering (3 topics)
SMS and voice-based attacks
- Recognize smishing (SMS phishing) attacks that use text messages to trick employees into clicking malicious links or revealing credentials.
- Identify vishing (voice phishing) attacks where callers impersonate IT support, executives, or vendors to extract sensitive information or gain remote access.
- Describe the warning signs of deepfake voice calls and AI-generated voice messages used to impersonate executives requesting urgent wire transfers or credential resets.
- Explain the correct procedure for verifying unexpected requests received by phone or text, including callback verification using known numbers and out-of-band confirmation.
- Analyze a smishing message to identify social engineering techniques, evaluate the threat level, and determine the correct reporting procedure.
QR code and mobile payment risks
- Recognize the risks of scanning unknown QR codes that can redirect to phishing sites, trigger malware downloads, or initiate unauthorized transactions.
- Describe how attackers place fraudulent QR codes over legitimate ones in public places and how to verify QR code destinations before proceeding.
- Identify safe practices for mobile payment services including using only approved payment apps, enabling transaction notifications, and reviewing payment history regularly.
- Explain how QR codes embedded in phishing emails can bypass traditional URL filtering and why scanning QR codes from unknown sources is as risky as clicking unknown links.
Mobile malware and spyware
- Recognize symptoms of mobile malware infection, including unexpected battery drain, data usage spikes, unfamiliar apps appearing, and performance degradation.
- Describe how mobile spyware can silently capture keystrokes, record calls, access cameras, and exfiltrate corporate data without visible indicators.
- Explain the steps to take when you suspect your mobile device is compromised, including disconnecting from corporate networks, reporting to IT, and avoiding data entry.
- Analyze a scenario where an employee notices unusual device behavior to determine whether the symptoms indicate malware infection and recommend the appropriate response.
- Identify how mobile ransomware differs from desktop ransomware and recognize the warning signs of a device that has been locked by ransomware.
6. Secure Mobile Work Practices (4 topics)
Data handling on mobile devices
- Recognize which types of corporate data (PII, financial records, trade secrets, customer data) require additional protection when accessed from mobile devices.
- Describe safe practices for viewing and sharing sensitive documents on mobile devices, including avoiding screenshots, not forwarding to personal accounts, and using approved apps.
- Explain why copying corporate data to personal cloud storage services (iCloud, Google Photos, personal Dropbox) creates compliance and data leakage risks.
- Identify the risks of using voice assistants (Siri, Google Assistant) with corporate data, including unintended cloud processing and recording of sensitive queries.
Travel and public use security
- Recognize the risk of shoulder surfing when using mobile devices in public spaces and identify situations requiring a privacy screen or repositioning.
- Describe the risks of using public USB charging stations (juice jacking) and explain why using personal chargers or data-blocking adapters is safer.
- Explain the security precautions for international travel, including disabling auto-connect to Wi-Fi, using travel-specific devices, and following border crossing data policies.
- Synthesize mobile security best practices into a pre-travel security checklist covering device settings, VPN configuration, backup procedures, and emergency contacts.
- Describe the risks of leaving mobile devices unattended at conference venues and coworking spaces and the importance of physical possession at all times.
Mobile authentication and account security
- Recognize why multi-factor authentication on mobile devices provides stronger protection than passwords alone for accessing corporate applications.
- Describe the security differences between SMS-based, authenticator app-based, and hardware key-based second factors and why app-based authenticators are preferred.
- Explain the risks of approving unexpected MFA push notifications and how prompt bombing attacks trick employees into granting unauthorized access.
- Analyze a scenario involving a suspicious MFA prompt to determine whether it represents a legitimate authentication request or an attack and select the correct response.
- Describe the importance of securing backup MFA recovery codes and what steps to take if your authenticator app or MFA device is lost or replaced.
Mobile device backup and data recovery
- Recognize the importance of regular device backups for data recovery after device loss, theft, or malware infection.
- Describe the difference between backing up to personal cloud services versus corporate-approved backup solutions and the data classification implications of each.
- Synthesize mobile device security concepts to create a comprehensive personal mobile security audit covering device settings, app hygiene, network practices, and backup verification.
Scope
Included Topics
- Mobile device security awareness for general corporate employees, covering BYOD policies, MDM awareness, app permissions, and sideloading risks.
- Public Wi-Fi risks, VPN usage for mobile devices, Bluetooth threats, and secure hotspot practices.
- Lost and stolen device procedures, remote wipe capabilities, screen lock enforcement, and device encryption awareness.
- App store security, identifying malicious apps, permission reviews, and safe app installation practices.
- Mobile payment security, NFC risks, QR code scanning dangers, and mobile banking precautions.
- Practical scenario-driven training focused on everyday mobile security decisions employees face at work and while traveling.
Not Covered
- MDM administration, server-side configuration, or enterprise mobility management platform deployment (IT staff responsibilities).
- Mobile application development security, secure coding practices, or OWASP Mobile Top 10 (developer topics).
- Advanced mobile forensics, jailbreak detection engineering, or mobile penetration testing methodologies.
- Carrier-level network security, baseband vulnerabilities, or SIM cloning techniques.
- Detailed cryptographic protocol analysis for mobile communication (e.g., TLS handshake internals).