Mobile Device Security

When most people think of cybersecurity, they think about computers. But mobile devices are really just computers that fit in the palm of your hand. Even people who are the most vigilant about securing their desktops, laptops, and emails, let their guard down when it comes to their mobile devices. A compromised mobile device may allow access to sensitive data about you, your family, your friends, and your organization. Fortunately, there are simple steps you can take to secure your mobile devices and deter cybercriminals from targeting you.

1. Ensure your device’s operating system is always up to date. Operating systems are often updated in order to fix security flaws. Many malicious threats are caused by security flaws due to an out of date operating system. Ensure you have automatic software updates turned on by default on your mobile devices. Some updates don’t take effect until you restart your device, so be sure to restart it after an update has been installed.

2. Watch out for malicious apps in your app store. Official app stores regularly remove applications containing malware, but sometimes these dangerous apps slip past and can be downloaded by unsuspecting users. Do your research, read reviews and pay attention to the number of downloads it has. Never download applications from sources other than official app stores.

3. Ensure applications are not asking for access to things on your phone that are irrelevant to their function. Applications usually ask for a list of permissions to files, folders, other applications, and data before they’re downloaded. Don’t blindly approve these permissions. If the permission requests seem unnecessary, look for an alternative application in your app store.

4. Turn user authentication on. Many people still don’t use a password to lock their devices. If your device is lost or stolen, thieves will have easy access to all of the information stored on it. Ensure that all your mobile devices have the screen lock turned on and that they require a password, PIN, or biometrics to gain entry. You can use a password manager to store different passwords for each account, and even to generate strong passwords so you don’t use one that’s easy to guess. It’s also a good idea to implement a Multi-Factor Authentication (MFA, also known as two-factor authentication) policy when applicable.

5. Be careful with public WiFi. According to a recent poll, although public Wi-Fi and bluetooth are a huge security gap and 91% of us know it, 89% of us choose to ignore it and use free public WiFi anyway. Cybercriminals use technology that lets them see what you’re doing. Any time you connect to another organization’s network, you’re increasing your risk of exposure to malware and cyberthreats. There are so many online videos and easily accessible tools that even a novice hacker can intercept traffic flowing over Wi-Fi, accessing valuable information such as credit card numbers, banking information, login credentials, and other private data. Avoid logging in to your online services or performing any sensitive transactions over public WiFi. If you must use public WiFi, make sure you are connecting via a VPN to encrypt your internet activity and make it unreadable to cybercriminals.

6. Practice safe scanning. A Quick Response (QR) code is a two-dimensional barcode that stores information in a grid of different colored squares or pixels. You scan a QR code with a smart device’s camera to access the information it contains, such as a website address, contact information, or product details. Although convenient, QR codes can be used to mask malicious intent. To mitigate the risk, you should always use the built-in QR code scanner in your device’s camera app. If your device doesn’t have a built-in scanner, only download a trusted third-party scanning app from your device’s official app store. You should also check for physical tampering before you scan. Cybercriminals can generate malicious QR codes and print them as stickers to cover up legitimate ones. Always review the link displayed on your device’s scanning app before you click. Just like with emails and websites, look for spelling errors, misplaced characters, and shortened web addresses, which are signs of a malicious website. Never enter sensitive information into a website you were directed to by a QR code unless you’re certain the site is legitimate. Always ask an employee to verify any QR codes posted in or around a business, and never scan QR codes placed in random locations.