For many of us, our phones are used for much more than simply making calls. We store a wide library of personal information including credit card digits, passwords, personal notes, contacts, and a range of sensitive data that would be very problematic for us if it got into the wrong hands.
When we think about hacking we tend to imagine a skilled criminal targeting corporations or networks, not simply our smartphones. However, with phones so sophisticated in current times, these devices are just as similarly targetted and in some cases even more susceptible to a cyber attack.
Let’s cut to the chase, how do we protect our smartphones and the sensitive data they contain? We have put together 10 steps to give you better security:
Use the in-built lock features
The perfect place to start is with the security features already on your phone. This is generally a first step in setting up your device, but if you skipped it, make sure you choose a way to lock your phone either with a password, PIN, fingerprint or facial recognition. A locked device is far less enticing than a device that can be opened by anyone.
Once you have set up the lock feature, make sure to lock your phone after use – don’t put your phone down unlocked as the delay creates a small window of opportunity for thieves.
Use strong passwords or a password manager
We’ve already explained the importance of using strong passwords to protect your devices and accounts. According to Verizon Data Breach Investigations (DBIR, 2017), “81% of hacking-related breaches leveraged either stolen and/or weak passwords”.
When creating a password, avoid using common terms such as “password” or “admin” and easily found personal information such as a name, birth year, or location. It is also good practice to avoid using predictable sequences such as “123” or the current year. These weak passwords can be compromised in a “brute-force attack” in which common and guessable passwords are rapidly tested by a hacker or software.
Instead, make your password a little longer and use unrelated words. One tactic to create a strong password is to choose three totally random words to string together, for example: “hamburgerbutterflybike”, as these are not personally tied to you and therefore near-impossible to guess.
Alternatively, you can have a password manager generate strong passwords for you and store them securely. We recommend LastPass for an easy and reliable experience.
Use two-factor authentication
Two-factor or multi-factor authentication provides an extra layer of protection for your device and apps. This process involves an extra step to your log in such as a code sent to a second device or a different form of identification.
Use the in-built Mobile Device Management (MDM) features
MDM features allow you to track and locate your device if lost or stolen but only if these features are turned on. It also requires a cellular data connection in order to be reached, otherwise, the device is offline and cannot connect. If you do have cellular data, make sure your MDM features are turned on to give you the best chance of retrieving your device.
If you have an Apple iPhone, your MDM is called “Find My iPhone” and if you have an Android phone, yours will be called “Find My Device”. Locate in the settings and switch on.
Regularly update your operating system (OS) and apps
Updates to your OS improve functionality and appearance. Beyond these features, system updates can correct security loopholes and vulnerabilities hackers may be able to exploit. Providers are continually improving their software, releasing updates that often include bug fixes to improve the security of your device, making it more difficult for hackers to infiltrate.
Similarly, the apps stored on your device can also provide a gateway for cybercriminals to hack your phone. It is important to regularly update both your apps and operating system. We recommend turning on automatic updates or manually updating as soon as possible once a new OS or app update is announced.
Avoid public Wi-Fi
An unsecured connection can grant hackers an opportunity to tap into your device without you even noticing. We often see free Wi-Fi offered at public venues such as shopping centres, airports, and cafes, however, connecting to this service leaves our devices open for man-in-the-middle attacks, malware, and Wi-Fi sniffing (digitaltrends, 2015).
Where possible, use your secure cellular data rather than public Wi-Fi. If you need to utilise public Wi-Fi, we recommend investing in a VPN app to encrypt and secure your connection.
Back up your smartphone
This one is a no-brainer. In the event that your device is stolen or breached to the point of no recovery, having a backup means you can restore your data. Make sure to back your device up regularly or else your restoration will be missing your most recent data that has not been backed up.
Be cautious when downloading apps
Not all apps available on the app store are of a reliable source. Pay attention to the details: the system requirements and permissions can include unrealistic or sinister demands that you may agree to upon use of the app if you do not read the terms. Additionally, these apps can contain hidden trojans or malware resulting in these dodgy developers obtaining access to parts of your device that they shouldn’t such as messages or other apps.
Pay attention to the app developer and reviews to determine if the app is genuine and trustworthy. Always download from your official app store rather than links on the web to avoid being tricked into downloading malicious software.
Stay savvy of spam and phishing emails
This is one of the easiest methods for cybercriminals to access your smartphone. Think twice before clicking a link on an email as these scams are designed to manipulate you into handing over credentials and passwords, often asking you to log in on a page imitating the service it claims to be. Check the sender address, avoid clicking links, and do not provide your personal details or credentials as your various providers generally never require these from you.
If in doubt, don’t touch it. Call your provider to confirm its legitimacy if you are unsure.
Consider cybersecurity software
Sophos Intercept X for Mobile is free and available on Google Play and Apple App stores. The app will highlight important OS updates and detect malicious W-Fi connections. You’ll also find a secure QR Code Reader feature that allows you to scan codes safely and generate verification codes for multi-factor authentication.