In the CSC Global CIO Survey of 2014-2015, 82% of chief information officers identified cybersecurity as their top IT concern for the coming years. That’s four points higher than the previous year’s survey, and substantially ahead of any other concern.
This overwhelming response isn’t all that surprising. It’s no secret that hackers and cyber-criminals compromise many thousands of devices and personal accounts each day, stealing personal identification numbers, passwords, trade secrets, and money. In this environment, taking steps to protect your devices isn’t optional – it’s a necessity, and an acceptable trade-off for on-demand connectivity.
Whether you’re looking to safeguard your company’s data, your personal data, or both, start with these mobile security tips, hacks, and fixes.
1. Stick to Trusted Sources for App Downloads
There are literally millions of mobile apps out there. While it can be tempting to download seemingly useful apps directly from the source, doing so is inherently unsafe. Countless apps carry malware or spyware that can compromise your personal data and system health. Even if the site you’re downloading from has a valid SSL certificate and seems legitimate, it’s impossible to tell for sure that the app itself is aboveboard.
Reduce your exposure to potentially unsafe apps by limiting downloads to verified sources, such as the App Store, Google Play, or iTunes. These sources take pains to verify the safety and legitimacy of the apps they list for download. Any download carries some risk, but these white-hat sources are far safer than less well-known, less secure alternatives.
2. Avoid Unsecured Networks & Publicly Accessing Sensitive Websites
Don’t connect your phone’s WiFi or Bluetooth to unsecured wireless networks, even if you’ve used them in the past. If your home or office network is unsecured, take immediate action to secure it with a password, security questions, and PIN, if applicable.
If you’re in public, only connect to password-protected wireless networks. Even on secure public networks, avoid visiting or filling out forms on any sensitive websites, such as online banking or e-commerce websites that require you to enter financial information, personal identification numbers, or passwords. Unsecured public networks are vulnerable to remote or on-premise compromise by virtually anyone, and above-average hackers can compromise secure networks with relative ease.
3. Make Sure Your Device’s Kill Switch Is Turned On
Many new Android and iOS devices are equipped with kill switches that allow for remote locking, wiping, and data recovery for lost or stolen devices. According to CNET, in 2015 California mandated kill switches for all new mobile devices sold within its borders, spurring laggard manufacturers to get on board.
Activating your phone’s kill switch requires just a handful of steps and no technical expertise. However, you need to do this before your device is actually lost or stolen. Once the kill switch is enabled, you can use it to lock, wipe, and reset your device from any Internet-connected terminal. With your kill switch activated, it’s basically impossible for thieves and hackers to steal your personal data or resell your phone.
It’s important to note that kill switches are usually integrated directly into device hardware, so it’s not practical to add a kill switch to an existing device. If you have an older device without a kill switch, consider upgrading.
4. Lock Your Screen
This tip ranks up there with “Don’t make your password ‘password,’” but it nevertheless bears repeating.
The average mobile device thief isn’t sophisticated enough to hack past a locked screen. Unless you’re being singled out for some specific piece of sensitive information, such as a trade secret, the person who steals your phone isn’t likely to move heaven and earth to crack it.
If you haven’t already done so, take 30 seconds to set a strong PIN or password for your phone’s screen. Locking your screen can’t prevent a thief from stealing your phone, but it’s likely to prevent them from accessing your personal information.
5. Use a Comprehensive, Proactive Mobile Protection Suite
It goes without saying that your mobile device needs some sort of security software. However, traditional antivirus programs aren’t nimble enough to deal with ever-evolving, increasingly sophisticated threats.
Look for a mobile protection suite that offers the following:
- Malware Defense. Sophisticated mobile malware defense takes a multifaceted approach that includes signature recognition, user behavior, source origin, structure, permissions, and static/dynamic analysis to detect potential threats.
- Network Defense. Network defense secures mobile devices against network-based attacks originating from secure and unsecured networks.
- OS Level Defense. OS-level defense requires painstaking research and analysis, backstopped by human and machine intelligence, to detect and address operating system vulnerabilities.
- Physical Defense. Physical defense prevents device tampering, reducing the risk of physical data theft or resale.
6. Back Up Your Data
Back up your device’s data regularly. Carve out time to do so at least once per month – and possibly more often, particularly if you use your device for both work and personal activities.
There are plenty of backup options available. Consider using a secure cloud storage app, such as Dropbox, for non-financial, non-identifying information. Use an external hard drive or thumb drive for very sensitive information. Consider “storing” passwords and financial information on paper or in some other analog form. Use a fireproof lock box to ensure that physical storage (including thumb drives and hard drives) doesn’t fall into the wrong hands or suffer preventable damage.
7. Log Out of Sensitive Websites & Don’t Save Data
Even on secure networks (including your home network), be sure to log out of online banking websites and other sensitive properties as soon as you’re done with them. Avoid shopping and banking websites that don’t have automatic session timeouts, as they leave your data open to compromise indefinitely.
Lastly, don’t save usernames, passwords, personal identification numbers, and other sensitive data in your browser. If your browser has been compromised by a virus or malware program, any saved information is at risk of being stolen and misused.
8. Avoid Interacting With Suspicious Emails, Texts & Websites
Most email programs have built-in spam filters. If this is the case for yours, you probably don’t get a ton of suspicious emails. However, it’s still possible for well-designed phishing emails to make it past your filter, and you therefore need to be on the lookout for anything that doesn’t quite look right.
Ideally, you shouldn’t even open suspicious-looking emails. Embedded images and files can harm your computer, even if you don’t actively download them. If you do open an email that seems legitimate at first glance, but decide upon further reflection that it’s suspicious, don’t download any attachments, click any links in the message body, or respond in any fashion – particularly if the message instructs you to respond with your password, account number, Social Security number, or similar sensitive information. Instead, if needed, contact the sender directly, using a phone number or email address found on their website.
In many cases, emails purporting to be from reputable sources, such as banks or online merchants, are phonies meant to entice you to share personal information. The same goes for text messages – if you receive a text or push notification from a sender purporting to be a company you’ve done business with requesting personal information, visit that company’s website and call or email them directly. Don’t share any information via text.
Finally, whenever you visit a sensitive website, double-check the URL to ensure that it’s legitimate. It’s common for shady cyber-criminals to create impostor websites that imitate legitimate sites’ branding and content. Often, the only way to tell that a site isn’t legitimate is to look at the URL, which could be off by just one character or domain extension.
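The URL check described above can also be automated. The following Python sketch is an added example, not part of the original article: it compares a link's domain against a short list of sites you trust and flags near-misses that differ by one character or only by domain extension. The trusted list and function names are constructed for illustration, and the code assumes a site's base domain is the last two labels of the hostname.

```python
from urllib.parse import urlsplit

# Constructed allow-list for the example; replace with the sites you actually use.
TRUSTED = {"examplebank.com", "shop.example"}

def edit_distance(a, b):
    """Levenshtein distance: minimum inserts, deletes and substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def base_domain(url):
    """Last two hostname labels (assumption: no multi-part suffixes such as co.uk)."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])

def classify(url):
    """Return (verdict, trusted domain it resembles or matches, else None)."""
    domain = base_domain(url)
    if not domain:
        return "invalid", None
    if domain in TRUSTED:
        return "trusted", domain
    name, _, tld = domain.partition(".")
    for good in sorted(TRUSTED):
        good_name, _, good_tld = good.partition(".")
        # Same site name under a different domain extension.
        if name == good_name and tld != good_tld:
            return "lookalike-extension", good
        # Same extension, site name off by exactly one character.
        if tld == good_tld and edit_distance(name, good_name) == 1:
            return "lookalike-character", good
    return "unknown", None

if __name__ == "__main__":
    for link in ("https://www.examplebank.com/login",
                 "https://examp1ebank.com/login",
                 "https://examplebank.co/login",
                 "https://examplebank.com.login.example/"):
        print(link, "->", classify(link))
```

Note that the last sample link places the trusted name at the front of a longer hostname; only the rightmost labels identify the site, so it is not treated as trusted.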
9. Turn Off WiFi and Bluetooth When Not in Use
Just as it’s smart to log out of any sensitive websites as soon as you’re done using them, it’s advisable not to keep your phone’s WiFi or Bluetooth on when you’re out in public.
Depending on how your device is configured, it may automatically connect to WiFi networks you’ve used previously (for instance, in a coffee shop or building lobby) without notifying you – even if you don’t need or want to be online.
Likewise, some devices’ Bluetooth systems are configured such that the devices can be discovered by nearby devices – again, potentially without users’ knowledge. That’s a big security risk in crowded public places, where hackers can access your device through other devices that have discovered your Bluetooth.
The mobile security landscape changes constantly. The threats that preoccupied users, developers, and IT teams six months ago aren’t necessarily the same threats that preoccupy them today. Six months hence, the threat and opportunity mix might be different still.
While these tips make sense in any threat environment, mobile device users must understand – whether they know it or not – that they’re locked in an ongoing arms race with bad actors who want nothing more than to make off with their personal and professional data. If you’re worried about what the future holds, find a trusted security suite that can keep up with the bad guys.
What’s your biggest current mobile security worry?