Mobile devices—smartphones and tablets—are essential for NDIS providers, enabling support workers to log notes, check rosters, and access participant data on the go. However, unsecured devices risk data breaches that harm participants and violate the NDIS Code of Conduct. Vivek Mahajan, founder of Careable and Cyber.Guide, has prioritized mobile security since launching Careable as a registered NDIS provider in 2022, leveraging his 12 years of cybersecurity experience at Cisco, NTT, and Fujitsu.
The Australian Cyber Security Centre (ACSC) reports that 50% of data breaches involve mobile devices, with unsecured devices increasing breach costs by 40%. Here’s how to secure your NDIS business’s mobile devices, aligned with ACSC’s Essential Eight and NDIS Practice Standards.
Securing Mobile Devices
1. Require Screen Locks
The ACSC’s Mobile Device Security Guidance mandates screen locks to prevent unauthorized access.
- Use PINs (6+ digits), fingerprints, or facial recognition.
- Set auto-lock to 1 minute or less.
- Enforce via Mobile Device Management (MDM).
NDIS Compliance: Screen locks meet Privacy Act’s reasonable security measures.
Example: The 2024 ACSC Annual Cyber Threat Report notes that screen locks have prevented thousands of dollars in losses from lost devices.
See training tips in How to Train Your Staff on Cybersecurity Basics.
2. Enable Device Encryption
Encryption protects data if devices are lost or stolen. Most iOS and Android devices enable encryption by default.
- Verify encryption is active in device settings.
- Use VeraCrypt for additional file-level encryption.
- Store encryption keys in Bitwarden.
NDIS Compliance: Encryption aligns with NDIS Code of Conduct for participant privacy.
Learn about backups in Backing Up Your NDIS Business Data.
3. Deploy Mobile Device Management (MDM)
MDM tools enforce security and compliance, per ACSC guidance. Use MDM to:
- Remotely wipe lost/stolen devices.
- Restrict unapproved apps (e.g., via Microsoft Intune).
- Monitor compliance with NDIS policies.
Real Impact: At Careable, Vivek’s NDIS provider, deploying Microsoft Intune in 2023 secured staff devices, aligning with ACSC guidance.
Affordable MDM options:
- Google Workspace Endpoint Management (free with Google Workspace).
- Microsoft Intune ($6/user/month).
- Kandji (Apple-focused, $7/device/month).
NDIS Compliance: MDM meets NDIS Practice Standards for governance.
4. Avoid Public Wi-Fi
Public Wi-Fi risks data interception, per ACSC’s Network Security Guidance.
- Disable auto-connect to public networks.
- Use a VPN like NordVPN for secure connections.
- Train staff to use mobile data instead.
NDIS Compliance: Secure networks uphold Privacy Act’s security requirements.
See Wi-Fi tips in Is Your Wi-Fi Putting Your NDIS Business at Risk?.
5. Install Security Apps
Security apps detect malware and unsafe behavior. ACSC recommends:
- Bitdefender Mobile Security ($15/year).
- Norton Mobile Security ($20/year).
- Lookout (free basic plan).
Advanced Tip: Enable zero-trust policies via MDM to verify all app access, per ACSC’s Zero Trust Guidance.
NDIS Compliance: Security apps meet NDIS Practice Standards for data protection.
6. Keep Apps and OS Updated
Outdated apps and operating systems are vulnerable to known exploits. The ACSC’s Essential Eight requires prompt patching of applications and operating systems:
- Enable auto-updates for iOS, Android, and apps.
- Use MDM to enforce updates.
- Monitor compliance via Google Workspace Endpoint Management.
NDIS Compliance: Updates align with Privacy Act’s security measures.
Debunk myths in Cybersecurity Myths NDIS Providers Should Stop Believing.
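Sections 1, 2 and 6 all come down to the same routine check: does every enrolled device still have a screen lock with a short auto-lock, encrypted storage and a current OS? The script below is an added example, not Cyber.Guide’s or Careable’s code, and it does not call any real MDM API. It reads a simplified device export (the column names, the minimum OS versions and the sample devices are all constructed for illustration; map your own Intune or Google Workspace Endpoint Management export onto these keys) and reports every device that fails a control, including devices that have stopped checking in and therefore cannot be verified at all.

```python
"""Check an MDM device export against the screen-lock, encryption and
OS-currency controls described above.

Added example, not Cyber.Guide or Careable code. The export format is an
ASSUMPTION: a flat list of records with the keys used below.
"""
from datetime import date, timedelta

# Minimum OS versions are an ASSUMPTION for illustration; set them to the
# oldest version your MDM still reports as fully patched.
MINIMUM_OS = {"ios": (17, 0), "android": (14, 0)}
MAX_AUTOLOCK_SECONDS = 60      # auto-lock at 1 minute or less
MAX_CHECKIN_AGE_DAYS = 7       # a silent device cannot be verified
SAMPLE_TODAY = date(2025, 1, 10)

# Constructed sample export (not real devices or staff).
SAMPLE_EXPORT = [
    {"device_id": "ipad-001", "user": "a.worker", "platform": "ios",
     "os_version": "17.4.1", "screen_lock": True, "autolock_seconds": 30,
     "encrypted": True, "last_checkin": "2025-01-08"},
    {"device_id": "pixel-002", "user": "b.worker", "platform": "android",
     "os_version": "13.0", "screen_lock": True, "autolock_seconds": 300,
     "encrypted": True, "last_checkin": "2025-01-09"},
    {"device_id": "iphone-003", "user": "c.worker", "platform": "ios",
     "os_version": "17.2", "screen_lock": False, "autolock_seconds": 0,
     "encrypted": False, "last_checkin": "2024-11-20"},
]


def parse_version(text):
    """Turn '17.4.1' into (17, 4, 1) so versions compare numerically.

    Comparing the raw strings would wrongly rank '17.10' below '17.4.1'.
    """
    parts = []
    for piece in text.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def check_device(record, today):
    """Return the list of control failures for one device (empty = compliant)."""
    findings = []
    if not record.get("screen_lock"):
        findings.append("no screen lock")
    elif record.get("autolock_seconds", 0) > MAX_AUTOLOCK_SECONDS:
        findings.append(
            f"auto-lock {record['autolock_seconds']}s exceeds {MAX_AUTOLOCK_SECONDS}s")
    if not record.get("encrypted"):
        findings.append("storage not encrypted")
    platform = record.get("platform", "").lower()
    minimum = MINIMUM_OS.get(platform)
    if minimum is None:
        findings.append(f"unknown platform '{platform}'")
    elif parse_version(record.get("os_version", "0")) < minimum:
        wanted = ".".join(str(n) for n in minimum)
        findings.append(f"OS {record['os_version']} below minimum {wanted}")
    last_seen = date.fromisoformat(record["last_checkin"])
    if today - last_seen > timedelta(days=MAX_CHECKIN_AGE_DAYS):
        findings.append(f"no MDM check-in since {last_seen.isoformat()}")
    return findings


def audit(export, today):
    """Map device_id -> findings for every device that fails at least one control."""
    report = {}
    for record in export:
        findings = check_device(record, today)
        if findings:
            report[record["device_id"]] = findings
    return report


if __name__ == "__main__":
    for device_id, problems in audit(SAMPLE_EXPORT, SAMPLE_TODAY).items():
        print(f"{device_id}: " + "; ".join(problems))
```

On the constructed export, the iPad passes, the Pixel is flagged for a 5-minute auto-lock and an OS below the assumed minimum, and the iPhone is flagged for no screen lock, no encryption and seven weeks without a check-in. Run the audit on every MDM export you pull, and treat a device that has not checked in as non-compliant rather than unknown: it may be lost, wiped by the user, or removed from management.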
7. Segregate Personal and Work Use
BYOD risks data leakage. The ACSC recommends:
- Use separate work profiles via MDM (e.g., Microsoft Intune).
- Create a BYOD policy mandating encryption and MFA.
- Use containerized apps like Microsoft Outlook for work data.
NDIS Compliance: Segregation upholds NDIS Code of Conduct for participant privacy.
Learn about 2FA in Why NDIS Providers Need Two-Factor Authentication.
8. Remove Access for Ex-Employees
Unrevoked access risks data breaches. The ACSC advises:
- Revoke access to email, NDIS portals, and apps immediately via MDM.
- Reset shared passwords with Bitwarden.
- Audit access logs quarterly.
NDIS Compliance: Access control meets NDIS Practice Standards for governance.
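The quarterly access-log audit in this section is easiest to do reliably as a script rather than by eye. The following is an added example, not Cyber.Guide’s or Careable’s code: it cross-checks a leaver list from HR against an identity-provider account export and a log of logins, and reports two kinds of problem, accounts still enabled for someone who has left, and successful logins after a leaving date. The CSV columns and the log line format are constructed stand-ins; real identity and MDM tools export different fields, so adapt the loaders rather than the audit logic.

```python
"""Quarterly offboarding audit: find former staff who can still reach email,
the NDIS portal or apps after their leaving date.

Added example, not Cyber.Guide or Careable code. The leaver list, account
export and log format are ASSUMED, constructed formats.
"""
import csv
import io
from datetime import datetime

# Constructed leaver list (from HR / offboarding records).
LEAVERS_CSV = """user,left_on
d.former,2024-10-31
e.former,2024-12-15
"""

# Constructed account export: what the identity provider still has enabled.
ACCOUNTS_CSV = """user,status
a.worker,active
d.former,active
e.former,disabled
"""

# Constructed access log lines: ISO timestamp, user, service, outcome.
ACCESS_LOG = """2024-11-03T08:12:44 d.former email login-success
2024-11-05T17:40:02 d.former ndis-portal login-success
2024-12-20T09:01:10 e.former email login-failure
2025-01-06T10:22:31 a.worker email login-success
"""


def load_leavers(text):
    """user -> date they left."""
    return {row["user"]: datetime.strptime(row["left_on"], "%Y-%m-%d").date()
            for row in csv.DictReader(io.StringIO(text))}


def load_active_accounts(text):
    """Set of users the identity provider still reports as active."""
    return {row["user"] for row in csv.DictReader(io.StringIO(text))
            if row["status"] == "active"}


def parse_log(text):
    """Parse whitespace-separated log lines into (timestamp, user, service, outcome)."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, service, outcome = line.split()
        events.append((datetime.fromisoformat(ts), user, service, outcome))
    return events


def audit_leavers(leavers, active_accounts, events):
    """Return human-readable findings; an empty list means offboarding is clean."""
    findings = []
    # 1. Accounts still enabled for someone who has left.
    for user in sorted(leavers):
        if user in active_accounts:
            findings.append(f"{user}: account still active after leaving {leavers[user]}")
    # 2. Successful logins after the leaving date (compare by date so the
    #    last working day itself is not flagged).
    for ts, user, service, outcome in events:
        left = leavers.get(user)
        if left and ts.date() > left and outcome == "login-success":
            findings.append(
                f"{user}: successful {service} access on {ts.date()} after leaving {left}")
    return findings


def run_sample():
    """Run the audit on the constructed data above."""
    return audit_leavers(load_leavers(LEAVERS_CSV),
                         load_active_accounts(ACCOUNTS_CSV),
                         parse_log(ACCESS_LOG))


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```

On the constructed data, e.former is clean (account disabled, only a failed login afterwards) while d.former produces three findings: an account still active, and two successful logins to email and the NDIS portal after the leaving date. Each of those is exactly the unrevoked access this section warns about, and the same script run against a real export is a quick way to prove the quarterly audit was done.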
Why This Matters
Unsecured mobile devices threaten participant trust and NDIS compliance. The ACSC warns that 60% of small businesses fail within six months of a cyberattack, with average losses of $46,000. As Vivek says, “You care for people—I’ll help protect the systems that support them.” Secure mobile devices ensure compliance with the NDIS Code of Conduct and safeguard participant dignity.
About Cyber.Guide: Founded by Vivek Mahajan in 2022, Cyber.Guide empowers NDIS providers with free, practical cybersecurity tools tailored to the sector. Our mission, rooted in Careable’s C.A.R.E. philosophy (Compassion, Accountability, Respect, Empowerment), is to secure the systems that support your participants.
Test Yourself: Are your NDIS business’s mobile devices secure? Take our free Cybersecurity Quiz to find out.
Author: Vivek Mahajan, founder of Careable and Cyber.Guide, brings 12 years of cybersecurity experience from Cisco, NTT, and Fujitsu, plus hands-on NDIS expertise as a registered provider. Connect at vivek@careable.com.au or LinkedIn.
Trust Note: All Cyber.Guide content is fact-checked, updated quarterly, and aligned with ACSC’s Essential Eight and NDIS Practice Standards. Examples are generalized from ACSC data or verified outcomes; no unverified incidents are included. Statistics are sourced from the 2024 ACSC Annual Cyber Threat Report. See our Privacy Policy.
CTA: Download our NDIS Mobile Security Checklist at Cyber.Guide to protect your participants today.
Incident Reporting: If you suspect a mobile-related breach, report it to the ACSC at cyber.gov.au/report and notify the OAIC for eligible data breaches, per the Privacy Act 1988.