[co-author: Jonathan Snyder]
In the second of four articles for Cybersecurity Awareness Month (October), FTI Cybersecurity presents essential best practices for securing your mobile device at home and on the job.
Most of us consider the minicomputer we carry in our pockets to be a direct line for managing various parts of our personal and professional lives. We chat, text, check the S&P 500 and sports scores, email the boss, snap selfies, and navigate unfamiliar cities on our business trips.
Cyber criminals look at our smartphones — and by extension us — through a different lens. They see a veritable treasure chest of data and information for the taking and owners who may be too busy or preoccupied to keep their devices secure. The good news is that we can tighten the security around our smartphones with 10 simple low-tech actions that will protect our information and data whether at home, work or out and about.
1. Update regularly
This applies not only to your mobile device operating system (OS), but also to your apps. Attackers will often target known vulnerabilities that appear in older versions of software. By consistently updating the OS and your apps,* you can reduce your risk with the simple click of a button.
2. Turn on multifactor authentication (MFA)
Not every website, app or service offers it, but for those that do, MFA adds an extra level of security. Most MFA methods work by automatically sending a numeric code to your phone, via SMS or a push notification through an app, when you log in to a password-protected account. Avoid using SMS (text)-based MFA if possible: cyber criminals and other nefarious actors often target wireless provider accounts to obtain access to your SMS messages. Use a dedicated MFA app like Duo or Google Authenticator when possible, including for personal apps, even if you already have one installed for corporate apps.
3. Be wary of unsolicited calls/text messages
The creativity and complexity of attacks tend to run one step ahead of security, so you should give additional scrutiny to any calls or messages that ask you to perform an unusual action or provide excessive information. Rule of thumb: A legitimate organization will never ask you out of the blue to provide a Social Security number or password.
An Ongoing Principle
• Create strong passwords of at least 8 characters; avoid using common words, phrases or personal information, and include uppercase and lowercase letters, numbers, and special characters.
• Change passwords periodically.
• Use unique passwords for every service.
• Do not share or reuse old passwords.
• Use a password management application to track and manage all passwords more easily.
4. Use automatic locks
Mobile devices, and many apps, have automatic locking features that keep others from accessing your information, even if you forget to lock the device yourself. By enabling this safeguard,* you can protect yourself without any additional action required. It truly is “set it and forget it.”
5. Delete unused apps
If you have not used an app for an extended period, remove it from your device. Many apps have robust tracking features, and if you do not routinely use the app, you may be sharing more data with third parties than you normally would allow, and without your knowledge.
6. Regulate app privacy policies
By default, applications usually ask for more permissions than necessary. Protect your data by changing the permissions for each app* on a case-by-case basis.
7. Connect to your corporate VPN
Not every organization uses a virtual private network, or VPN, to encrypt communications, but if yours does, it’s good practice to connect to it even when at home to enhance the security of your work.
8. Only download from trusted sources
Use the commercial app store supported by the manufacturer or provider of your device to download your apps, games, music, etc.
9. Be hypervigilant about email
As always, do not reflexively click on email you receive, as it may contain malware designed to attack your device. Extra caution is warranted today, with hackers attempting to lure unsuspecting victims into clicking by listing “COVID-19” in the subject line.
10. Resist the urge to “jailbreak”
Jailbreaking, or installing a custom OS or third-party software on your device, removes manufacturer-imposed limitations. This may allow you to download alternative apps, but it also makes the mobile device more vulnerable by removing essential safeguards against malware.
*Consult your phone's features for instructions.