This might be hard for some of you to believe, but there was a time in the not-too-distant past when no one had a cell phone. No one. Today, we can’t imagine our lives without them. We use them to pay bills, do banking, order dinner, make grocery lists, feed our egos by posting selfies for everything, and so much more. We even use our phones to date now. As such, it seems prudent that our phones should be kept safe, protected from hackers and thieves who would love to get their hands on your personal information. In the next two blogs, we’re going to offer a few sug-
gestions on how to do just that. Some of them will be fairly simple, others will be a little more technical, but don’t worry, you won’t need an IT degree to do them!
When it comes to mobile security, there are two fields you need to be concerned with: physical security, and technical security. Physical security deals with the phone itself:
1) Have a strong PIN/Passcode
2) Shortening your screen timeout
Technological Security involves how you use your phone:
1) APP Security
2) Public Wi-fi
3) Browser Safety
We’re going to start by looking at the physical measures you can take to secure your phone.
Physical Security
Have a Strong Pin or Passcode
We all know not to leave our phones unattended. If you’re sitting in a coffee shop and you get up to get a refill, take your phone with you, right? But in the event that you accidently leave your phone on the table somewhere, a strong passcode or pin can help keep a casual thief out of your phone. Here are a few tips for making sure your phone PIN is unguessable.
First, do NOT use an obvious number, such as your birthdate. Most PINS are four digits, and it’s natural for us to pick something like our birth month and day, or even the year.
Don’t do that.
A clever person can easily get your birthday from you (using something known as social engineering), and before you know it, he has your phone and has now transferred all the money in your back account to himself. Try to pick a number that you will remember, but that few people would ever be able to associate with you. For example, if you have a great aunt who was born during the stock market crash of 1929, you might use that as your PIN. Try to avoid numbers that are associated with you or your immediate family.
If your phone lock uses a passcode, try to avoid any obvious names: you, your spouse or children, your pets, etc. It’s always best to randomize your passcode as much as possible (just make sure you can still remember it!). One quick tip for that would be to use a phrase (like a memorable movie line), and make your code the first letter of each word in that phrase. You'll remember it, but in print, it will be fairly random.
Shorten Your Screen Timeout
Another great thing to do is shorten the screen timeout window. That way if you do inadvertently leave your phone unattended, it will lock itself much faster, and therefore help to prevent prying eyes from viewing sensitive information you may have on your screen or in your phone. The only downside is you might have to unlock your phone more often, especially if you tend to remain idle often during use.
Now, as we said earlier, these are physical ways to help protect your phone. However, hackers are far more sophisticated than that, and they are often working for much larger entities (such as nation states). What steps can we take to protect our phones from things like viruses and other malware?
Technical Security
App Security
One thing that makes our phones so indispensable is that we have the ability to add apps for just about everything. However, the apps you download aren’t always what they seem, and there are two basic risks you face when downloading some apps: unsecured and malicious apps.
An unsecured app is a third-party app (an app designed by someone other than Android or iOS) that is, well, insecure. It has vulnerabilities and coding errors that attackers can use to gain entry into your phone’s operating system. Think of it like an open window in your house: thieves can break a window and enter your house, certainly, but going on vacation and leaving your kitchen window wide open? Not a good idea. Well, vulnerabilities in an app are the same thing. They can be discovered and exploited by bad actors, allowing them to view your files, disable functions, or install malware.
Have you heard the term "Trojan” in cybersecurity? That’s a malicious file or app that is designed to look like something else. Say you wanted to download a fitness tracker, so you find one with a bunch of good reviews, it looks legit, but what you don't realize is that it has ransomware pre-installed. That's what we're talking about here. So the important question is: how do you avoid this?
The first rule I recommend is to only download apps from trusted sources. The two largest app stores are, of course, Google Play and Apple’s App Store. Both hubs check the apps they sell for known malware and other hazards. That’s the good news. Unfortunately, there’s some bad news as well.
Due to the large number of developers who are submitting apps, oftentimes a less-than-secure app can slip through. While the risk is relatively small, it’s still a risk, so how do we prevent this? One way to combat this is to read reviews. Here, though, it's important that you read them smartly. If you see a flood of reviews that say something like, “This app is great!” and nothing more, then you may be looking at false reviews designed to trick you into installing the app. Instead, look for longer, more detailed reviews, especially any negative ones. If 1.4 million people have installed the app, and 40% of the reviews are negative, pay attention to that. Take a look at what they're saying. If they are complaining that the app "didn't work," then maybe it did work, just not the way the customer intended. In fact, I would argue that the negative reviews are a better indication than positive reviews of whether or not an app is safe.
Don’t Use Public Wi-Fi
Public Wi-Fi is just that: public. Anyone can access that network, which means that anyone with the right knowledge and tools can intercept your traffic (something known as a man-in-the-middle attack). They can read your credit card data, they can see phone numbers and emails, they can even view your browsing history. Don’t use it. It’s convenient to sit in a coffee shop and check your Instagram, but don’t. In fact, my advice would be to turn your wi-fi off every time you’re in public. Inconvenient? Yes, but it’s a lot more inconvenient to have your data stolen (also, just as a side note, one way around this is to use what’s called a VPN on your device. We’ll actually look at that in the next post!).
Use Incognito Mode
A really good practice to get into is to use your browser’s Incognito Mode (or whatever your browser’s version of it is). While this won’t encrypt your traffic, it will keep whatever you do from prying eyes, should someone get access to your phone. This is particularly helpful because it prevents your mobile device from saving cookies. Why does that matter? Because with the right person and the wrong security, it is possible for someone to use saved cookies to access your important accounts (such as a bank account). Keep in mind that these private browsing modes don’t prevent websites from seeing that you’ve visited, but they do keep someone who has physical access to your device from getting their hands on your browsing history.
Okay, so those were 5 quick tips for keeping your phone and personal data safe. In Part 2, we’re going to take a slightly deeper dive into some more technical and advanced methods. Thanks for stopping in, and I’ll catch you on the next one!
Comentários