The rapidly changing technology and portability of mobile devices have forced people to rely heavily on those products. With their increased functionalities, mobile devices carry out a number of our day-to-day activities, such as surfing the web, booking appointments, setting up reminders, sharing files, instant messaging, video calling, and even mobile banking.
Given all these functionalities, mobile devices are vulnerable to online threats and susceptible to physical attacks due to their portability. Some security threats include malware specifically designed for mobile devices, i.e., worms and spyware, unauthorized access, phishing, and theft.
But not all is lost. Here are some practical steps that will help you minimize the exposure of your mobile device to digital threats.
1. Use strong passwords/biometrics
Strong passwords and biometric features, such as fingerprint authenticators, make unauthorized access nearly impossible. Your passwords should be eight or more characters long and contain alphanumeric characters.
The complexities of your passwords in other apps might tempt you to store them like a browser does – using the 'remember me’ feature. Device users and administrators should avoid this feature since it only increases the chances of your password getting spoofed. Alternatively, if you lose your device, another person might gain full access to it. With that comes access to accounts where you have valuable data such as banking and payments systems. Furthermore, don’t forget to change your password from time to time (at least every three months).
Consider multi-factor authentication
If your mobile device allows two-factor authentication (2FA), don’t hesitate to use it. You don’t want to be subject to unforeseen attacks. When 2FA is enabled, you will need to authenticate using a second method when logging into certain apps or websites. Authentication methods include a text message, email link, or confirming the validity of the login from another device where you are connected.
2. Ensure public or free wifi is protected
Everybody loves free wifi, especially if your data plan is limited. But cheap can turn expensive in a very devastating manner because most free wifi points are not encrypted. These open networks allow cybercriminals to eavesdrop on the network traffic and quickly get your passwords, usernames, and other sensitive information. For a skilled cybercriminal, it could only take moments to for your data to land in the wrong hands.
The threat isn't going anywhere anytime soon, either. In fact, a quick search turns up dozens of articles proclaiming that “hacking wifi networks have become a piece of cake.” As the demand for free and accessible wifi rises, criminals catch on to this low-hanging fruit. And it can easily become rotten.
To protect against wifi hacking, use applications that secure your connection or tell you the status of the wifi to which you are connected. WPA (Wifi Protected Access) is more secure than WEP (Wired Equivalent Privacy). As a matter of caution, you should also turn off wireless connectivity (wifi and Bluetooth) when you are not using them. This will help avoid automatic connection to unencrypted networks and save your battery.
3. Utilize a VPN
If you’re unsure about the security status of the network you’re connected to, using a VPN (Virtual Private Network) client is mandatory. A VPN will enable you to connect to a network securely. At the same time, the VPN will shield your browsing activity on public wifi from prying eyes. It is also useful when accessing less secure sites. VPN services are relatively inexpensive and are invaluable for protecting your website traffic and private information.
Non-HTTPS sites are visible to anyone who knows how to use networking and vulnerability tools. These sites are prone to MITM (man-in-the-middle) attacks, which pave the way to eavesdropping and password sniffing. You need to have a new mindset when it comes to fighting cybercrime.
4. Encrypt your device
Most mobile devices are bundled with a built-in encryption feature. Encryption is the process of making data unreadable. Decryption, on the contrary, will convert unreadable data into accessible data.
Encryption is important in case of theft, and it prevents unauthorized access. You simply need to locate this feature on your mobile device and enter a password to encrypt your device. This process may take time, depending on the size of your data. The bigger the data, the more patient you’ll need to be.
Most importantly, you need to remember the encryption password because it's required every time you want to use your mobile device. Also, as a fail-safe, consider backing up your data since some mobile devices will automatically erase everything if the wrong encryption password is entered incorrectly after a certain number of times.
5. Install an Antivirus application
The files you download and the apps you install on your mobile device might contain malicious code. Once launched, this code could send your data to criminals, making you unsecured and robbing you of your privacy. To avoid that, installing a reputable antivirus application will improve your security.
Some antivirus applications also offer more functionalities, such as erasing your data if you lose your mobile device, tracking and blocking unknown callers who might be a threat, and telling you which applications are unsafe. In addition, they offer to clear your browsing history and delete cookies. Cookies are small software tokens that store your login information that might be leaked if someone malicious gets to them.
6. Update to the latest software
Your mobile device firmware might also be vulnerable to security threats. New loopholes might be exploited, leaving your device open to threats. To avoid that, always update your firmware/device. Major mobile device firmware companies, such as Google’s Android and Apple’s iOS roll out new updates from time to time. Most of those updates act as a security patch to known vulnerabilities on your device. Set up updates to be manual or automatic, and don’t delay these installations for long.
7. Be discerning
In virtually any context, your best bet at staying safe is to err on the side of mistrust. That doesn’t mean being paranoid, of course. But, be discerning when you’re using your device. Don’t click links from unknown senders, don’t download software from unknown sources, and don’t provide personal information to unconfirmed sites or people.
8. Keep backups
Unfortunately, sometimes, things happen. Even if you do the best you can, sometimes one mistake can cost you, and it may cost you more than money. If your mobile device is compromised, you risk losing all of your data, and that includes your contacts and precious photo memories. Keep a backup so you can restore your data should your phone or access fall into the wrong hands. Automated backups will save you the hassle, and can be performed at times that you’re using your phone less, like overnight or in the early morning hours. Save your backup data to another source such as Google Drive, iCloud, OneDrive, or another service.
Other things to consider
- Avoid using autofill – Some websites and applications automatically fill in your username when you visit them. This is due to the autofill feature. Turn it off as soon as possible.
- Log out – After using mobile applications, especially those linked to one another, such as google applications, ensure that you log off each time you are done using them.
- Use only trusted stores – You should download apps from secure stores, such as Apple's App Store. This depends on the platform your mobile device uses.
- Enable tracking - Consider enabling Find My iPhone (Apple) or Find My Device (Android) to follow your mobile device if it goes missing.
Securing your mobile device is challenging, but it should be your first priority. As new vulnerabilities are found every day, it’s essential to make sure that you are aware of any suspicious activity on your device.
About the Author:
Having spent her career in various capacities and industries under the “high tech” umbrella, Stefanie Shank is passionate about the trends, challenges, solutions, and stories of existing and emerging technologies. A storyteller at heart, she considers herself one of the lucky ones: someone who gets to make a living doing what she loves.
Editor’s Note: The opinions expressed in this and other guest author articles are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.
