Hey! You’re back! Awesome! Just in case you missed it, Part 1 of this blog is right here, and you’ll probably want to read that first. Last time we took a look at a few tips and tricks to help keep your phone data safe in public. If you’ll recall, there are two basic ways to keep it safe. The first is through physical security, and the second is technological security. In this post, we’re going to take a look at a few more in-depth tips. Like before, there will be a few physical tips, as well as a few technological tips.
Physical Security
Password Security
We discussed the importance of setting up a strong passcode or pin for your phone itself, but in the event that someone does gain access to your phone, how do you keep them out of your bank account or social media? Well, just like you need a strong passcode for your phone, you also need strong passwords for your accounts. Most of us in cyber security would advise you to pick a password that is around 10 characters, and make sure it has a mixture of upper- and lowercase letters, numbers, and special characters. One thing I would recommend you not do is pick something that is related to your family, your pets, or your birthday. For example, if your favorite pet is your dog, Molly, then “Mollykins” would not be a good password. Rather, make it as random as you can, while still being able to remember it. One way to do that is to pick a phrase that you can remember.
As an example, let’s pick a favorite line from a movie. In The Fellowship of the Ring, Boromir, upon seeing the Balrog, asks, “What new devilry is this?” That’s the basis for a great password. Take the first letter of each word:
Wndit
Let’s add the question mark, too:
Wndit?
Now, let’s make that uppercase a little more random:
wNdit?
Let’s add another special character at the beginning:
@wNdit?
Lastly, because we want a number, let’s make that “I” a “1”:
@wNd1t?
Now, we obviously want a password that’s longer, but I hope I’ve given you an idea for coming up with a password that is complex, but still something you can remember. In any event, play around and see if you can come up with something seemingly-random to others, but memorable to you (for other tips on making a strong password, check out this blog).
Disable Blue Tooth
Blue Tooth is extremely versatile. It can be used to transfer files, talk hands-free, it’s used with headsets and earbuds . . . like I said, it’s versatile. However, Blue Tooth devices can be scanned and located by other nearby devices, and once connected, the Blue Tooth connection can become a pivot point into your device. Because of this, one thing I strongly recommend is disabling Blue Tooth altogether if you don’t plan on using it. Just turn it off. Leave it. If there’s no connection to find, then . . . uh, well, then hackers can’t find it.
If you are someone who uses Blue Tooth, however, at least turn it off when you’re not using it. Oh, and when you do use it, make sure you’re using it in “hidden” mode.
Spam/Phishing Emails
We’ve all seen them: “My name are the Emperor Hajib Umbuntu, and I hail from Nigeria. God told me to bless you with all of my money, so if you pay me $1,500 in US currency dollars, I will process my significant sum of considerable wealth and bless you with it.” Right? We’ve all gotten those, and they are extremely easy to both spot and ignore. Unfortunately, cybercriminals can be much, much trickier, sending emails that look pretty legitimate. They might send an email that looks like it’s coming from your bank, the IRS, or, if even an invoice from a company you work with or subscription you have. You might see a notification that your bill is overdue, or that someone has attempted to hack into your bank account. Then they will usually present a link for you to click, which takes you to a legitimate-looking page. So you login, typing in your username and password, and boom. The bad guys now have access to your bank account.
When it comes to emails like this, there is really only one rule: Do. Not. Click. On. The. Link.
Don’t do it.
Instead, open your browser and go directly to the site. If you go to the site directly and find out that your account is actually overdrawn, or you do have a bill to pay, then you can still address the issue. If it was a scam, however, you just saved yourself a whole lot of trouble.
Technical Defenses
Use a VPN
We talked last time about never using public wi-fi, and I will stand by that, possibly, forever. If you do need/like to sit out in public and use the internet, you may want to consider using a Virtual Private Network, or VPN. What a VPN does, essentially, is create a tunnel through which your data can travel that will keep it safe from prying eyes. Let’s look at this for a moment.
So when you connect to public wi-fi and go to a website, all of your data is flying through the air, back and forth, between your phone and the website you are visiting (via the wi-fi router). Here’s the deal: anyone with the right tools and knowledge can sit on that same network and intercept everything you are doing. Logging into your Instagram? They can see it. Paying your mortgage? They can see it. It’s easier to do than you might think, too. I have the tool on my laptop right now. A VPN, on the other hand, creates an encrypted tunnel through which all of your data travels. They can still see it, but it’s complete gibberish.
Run Updates Regularly
Apps are nothing more than lines of code that show up as pretty pictures on your screen. Your web browser is driven by programming code, your Snap Chat is driven by code, everything on your computer is driven by a programming language of some sort, and with all those lines of code come vulnerabilities. A vulnerability is a piece of code that could be missing something, has an unnecessary component, or any other number of things that an attacker can leverage to gain unauthorized access to your system.
Think of coding like writing a book. On the first draft, there will always be typos, inconsistent characters, plot holes, etc. An editor will then go through and check for these things, make corrections, and then send the manuscript back to the author. Coding is very similar. There are people who go through the code line by line (which can often run in the hundreds of thousands), checking for bugs and problems. Unfortunately, there’s a component to this that we haven’t discussed, and that’s familiarity. The reason we can edit books so thoroughly is because they are written in our native language. Imagine, however, being a native English speaker and having to edit a book in Spanish. Are you likely to overlook something? Sure. Well, computer code is its own kind of language, and it’s a second language for everyone. This is how vulnerabilities happen.
However, most companies are good at reviewing and fixing problems as they arise, and they then present those solutions as software updates. Every time your phone needs to restart so that it can process an update? Let it. In fact, I would strongly recommend picking one day a week – let’s say, Thursdays – and just automatically check for updates. This way you can help fix known vulnerabilities before they become problems for you.
Antivirus Software
This kind of goes without saying, since we all have antivirus/malware software on our computers. However, often times we don’t ever think about putting it on our phones, even though our phones are often used and connected far more than our computer are. A good software, used with regular updates and scans, is vital to your phone safety. While there are many great products out there, here are a few I would recommend:
1) Malwarebytes – This one comes with a free version that works almost as well as the paid version. I have seen this software routinely find bugs that other removal programs have missed. You can find it here.
2) Norton 360 – As far as cost goes, this is on the lower end of the spectrum, but you’ll still have to pay for it. I can’t speak to its virus removal capabilities, but it does act as a killer Intrusion Prevention System (IPS). Funny story: I was practicing running some penetration testing on a virtual machine I was using, but I got the IP addresses wrong and ended up attacking my own computer, and Norton shut the process down so fast I couldn’t even process what had happened. So, it works. You can find it here.
3) Avast – For Android, Avast consistently performs well on both consumer-based on cyber professional reviews. Plus, it’s free. Oh, and they offer a VPN.
So there you have it. If you’re looking to lay a foundation for safe mobile practices, these two blogs should help get you started. Like it or not, cyber crimes are increasing, with hackers growing smarter and more sophisticated. And while cyber security is also doing the same, it is up to you, the consumer to take steps. Now, a quick word about why there are so many different steps, and that’s because there is no one solution that will keep you safe. Rather, you must take a layered, approach to cyber security (something we call defense-in-depth).
Think of it like a castle. A castle with only a wall isn’t going to keep out invading armies. This is why castles have walls, archer towers, draw bridges, moats, and gates that are secured with bars, soldiers, and a portcullis. Well, cyber security is no different: if something breaks through your firewall, you need an antivirus software. You can prevent someone from getting your phone physically, but you also need to prevent them from listening in on your internet traffic. You need a mutli-defense layer that is designed to keep out all manner of attacks.
Today, I’ve given you a few tools to help you build that layered defense. But reading it and not acting won’t do you any good; you must take action on what you’ve learned. Go defend your castle.
Comments