12 Mobile Security Tips
We each day more rely on mobile devices, our laptops, cellphones, and others. With the Internet of Things (IoT), some ordinary appliances we use in our daily lives are now also connected to the Internet. Our printer, watch, fridge, lights, and speakers are all connected to the internet, and they are all vulnerable to a cyberattack exposing your network and sensitive information.
Mobile devices allow us to surf the web, book an appointment, share files, talk to people, and even use mobile banking; for that reason, it is very appealing to hackers. Online threats are not the only threats to worry about. Mobile devices are also susceptible to physical attacks due to their portability. And the more they are used for multi-factor authentication, the more attractive they become.
Some of the threats your device can face are malware designed for mobiles, unauthorized access, phishing, and theft. Mobile device security measures will protect sensitive information stored on and transmitted by your mobile devices, keeping unauthorized people from accessing your network.
Our team has some tips to protect your device that everyone can do. It doesn't matter if you are protecting your personal device or work-related one.
1 - Use Strong Passwords Combined with Biometrics
To have a strong password, you should use eight or more alphanumeric characters, and change it from time to time. If your mobile or app allows you to use two-factor authentication, use it. It is harder to force access when an extra piece of information is required.
Avoid using the same password for devices and accounts. Also, work-related passwords should not be the same as the ones used on personal accounts.
Biometrics makes it harder for someone else to access your device, as they would need your face, voice, or fingerprints, and unlike passwords, you don't need to memorize your own body. For companies, it can also provide an activity log of people who accessed your network.
You should set your device to lock automatically and minimize visible information in your notifications and on a locked screen.
2 - Avoid Remember me and Autofill features, and Log Out
Using the features such as, remember me and autofill, increases the chances of people getting access to your credentials on websites and apps, mainly if your device is stolen or lost. The same applies when you don’t log out from apps that carry sensitive information.
3 - Make Sure Public or Free WiFi are Protected
Most of the free WiFi networks aren't encrypted. Having an open network makes it easier for cybercriminals to eavesdrop and access sensitive information. WPA (WiFi Protected Access) is more secure than WEP (Wired Equivalent Privacy). You should avoid using public Wi-Fi. However, if you must, you should use a VPN and not access key accounts and financial information.
As a company, you can program the devices to prevent it from accessing public WiFi.
You should also turn off WiFi and Bluetooth connections when not in use, apart from avoiding unauthorized information exchange, it will also save your battery.
4 - Use VPN
Using a VPN from a trusted source will protect your information from being intercepted by malicious intended people. Which, as said before, is critical when dealing with a public or free WiFi. VPNs encrypt the data sent over the Internet from the device to the network.
VPNs are also useful when accessing less secure websites, such as non-HTTPs. These sites are visible to everyone and very vulnerable to MITM (man in the middle) attacks. A successful MITM attack allows cybercriminals to monitor the network and access sensitive information.
Remember, your device security is the same as the network it is using to transmit data.
5 - Encrypt your Device and your Data
Encrypting your device will prevent unauthorized people from accessing it, which is essential in case of loss or theft. Also, both incoming and outgoing traffic should be encrypted, preventing cyber criminals from accessing sensitive information.
Most of the mobile devices come with a built-in encryption feature. However, you shall remember the password, as it will be required every time you use your mobile, and if the wrong password is entered multiple times, all the data will be automatically erased. Therefore, you should also consider having a backup.
6 - Use Relevant Built-in Features
As encryption features, iPhones have the app Find My iPhone (or Mac), it can tell you where and when your device has been accessed, and it can wipe it remotely. Android has a similar feature, the Android Device Manager.
7 - Use Antivirus
Files and apps downloaded on mobile devices may contain malicious code. An antivirus application from a well-known source will protect your device from malware hidden in apps or e-mails, and its features will enable you to erase your data remotely. It can track and block malicious callers and tell you when an application is unsafe. Nevertheless, it can clear your browser and delete cookies.
8 - Update Operational Systems and Update Apps
Most of those updates fix failures and bugs on the mobile device, and it is a patch for vulnerabilities. You should keep your device and its apps always up to date.
9 - Be aware of Jailbreaking/ Rooting Risks
When you root your device, you remove the security restrictions and safeguards that protect your data, making your system more vulnerable.
10- Use only Trusted Stores
Apps hiding malware is an increasing threat to your device and network, and it is more likely that you will encounter a malicious app outside trusted stores (such as App Store and Google play). These stores have policies and rules for the apps they offer. Even public or company brand apps can leak customers' data. Users from online payment and popular games are hot targets of cybercriminals.
As a company, you should educate your employees about the risks of downloading an unauthorized app, and you can also ban those apps from their devices.
11 - Give only the necessary permissions
Sometimes apps request access to more than the default permissions; some of those permissions aren't necessary to have the app operational such as your location. If such sensitive information is required, you can opt to give the app access only while using it. That will avoid malicious apps to run your device's location when working in the background. When you provide a location's access to an app, it can access not only your GPS but WiFi and Bluetooth networks as well.
Also, be aware that the information you use online and share on social media can be used to hack or steal your device.
12 - Be aware of unsolicited calls or message
Cybercriminals can use social engineering techniques to trick people into downloading malware or revealing personal information. Scan and verify calls, messages, and e-mails from unknown sources before opening it.
Those tips are useful for both private people and enterprises. However, we have extra suggestions if you are looking to protect your business against mobile vulnerabilities coming with the second part of this post.
Follow us on Linkedin, Twitter, or Facebook to get our updates.
This article was written by Juliane Verissímo - Marketing Department of VisionSpace