Top 10 Mobile Security Tips
- Before you leave, make sure that your device's software is up-to-date. Consider removing older applications that you no longer use.
- Keep your WiFi and Bluetooth interfaces off when they are not in use.
- Avoid using public WiFi hotspots. Public WiFi hotspots usually have no encryption. As such, malicious actors within a certain physical distance from you can eavesdrop on your communications. If you do use public WiFi, try to use it only for basic browsing and applications that do not involve personal data. Try to avoid logging into sites or accounts that contain sensitive data, such as your bank. Also, this advice is not just for your browser. Avoid using specific applications that interface with your sensitive data, i.e., a banking application. If you find yourself needing to use public WiFi often, you should consider using a VPN. The other concern with using public hotspots is that it is dangerous to have a saved WiFi profile where the connection has no password or a well-known password. In this situation, it is trivial for an attacker to deploy a fake access point and trick your device into unexpectedly connecting to a hostile network.
- Consider using a VPN. In the previous tip, it was suggested that you shouldn't use public WiFi due to unencrypted wireless communication unless you use a VPN. However, a VPN can be useful even if you don’t use WiFi. A VPN will create an encrypted connection for you so that your data is protected before it enters the network. The VPN serves as a secure tunnel between your device and the Internet. Note that not all VPN service providers are the same; a VPN provider that is not trustworthy is no better than just connecting straight to the public WiFi hotspot and in fact could be worse if the provider is malicious or becomes compromised. Make sure that you shop around and do research on your VPN service provider to ensure that the provider is trustworthy. An important consideration when traveling is whether or not the VPN client can prevent traffic from leaving your mobile device before the secure tunnel has been established. This feature provides extra assurances that no sensitive data will be exposed to a malicious wireless operator.
- Password protect your phone with a PIN or better yet a passphrase. Devices can be easily lost or stolen. This is never a fun event. In the unfortunate event that your device goes missing, keeping it secure with a PIN or passphrase will prevent malicious actors from accessing the physical device and then stealing your personal information.
- Encrypt your device. Similar to having the device PIN protected, encrypting the device adds a layer of protection to your data in the event that a malicious actor gets access to the physical device.
- Consider using the vendor provided GPS-based device location service. In the event that you lose your device, you can find the device or even remotely wipe it if you are worried about data loss. For those with Android devices, 'Android Device Manager' or the recently released ‘Find Device’ apps are both tied to your Google Account, while Apple users can use 'Find My iPhone', tied to their Apple ID.
- Prior to leaving your home network, you should configure any applications that you think you will require while you are out and about. For example, if you plan on using Uber, make sure that your Uber account is setup and that your payment information is configured. Not only do you avoid transmitting that payment information while you’re out; you avoid anyone reading off your credit card number as you enter it.
- Enable 2FA (two-factor authentication) for applications that support it.
- If you need to use your mobile device as a personal hotspot, ensure that the hotspot name reveals no personal details, use a strong password, and monitor the number of connected devices to ensure that no one else is accessing your connection.