Mobile Device Security

As users across the globe have moved from spending time on their laptops to primarily using mobile devices, cyber criminals have followed. What sort of risks are you taking when you are checking your e-mail from your phone, shopping online, or using mobile applications like Uber to get a ride home?

Below is a list of the security best practices you should be following when using your mobile device:

1. Secure Your Phone
   Treat your mobile device for what it is – a small, powerful computer! This means using anti-virus software and installing updates on a regular basis. Operating System (OS) updates are a must to patch potential vulnerabilities, but most users today do not keep their mobile OS up-to-date.Many people will ignore or block updates sent by vendors, thinking they will install them at a later time. However, failing to update in a timely manner compromises mobile device security and leaves devices vulnerable to malware and other security threats. Laptops and other endpoint devices typically have much stronger security controls on them than mobile devices, which makes them a much easier target.
2. Keep Track of Your Phone
   Protect yourself by never leaving your mobile phone unattended. Did you know that over 3 million smart phones are stolen each year and of that, fifty percent, or 1.5 million lost phones, are never recovered? When you consider that lost or stolen laptops, mobile devices, and other digital media are responsible for nearly 41% of data breaches, then you begin to understand the importance of securing your mobile devices. If you are using a smart phone or mobile device to access work-related information, be sure you have read and understand your organization’s remote access and mobile usage policies for protecting organizational data.You may also want to install an application that will encrypt sensitive data stored on your device. Consider installing mobile device locator software, and back up your device
   automatically or often.If your mobile device is lost or stolen you should:
   1. File a police report immediately.
   2. Report the loss as soon as possible to your cellular service provider.
   3. Have the phone number or account disabled so no further charges can be applied.
   4. If the device contained sensitive and or work-related data, even if it was encrypted or locked, contact your IT department immediately.
3. Prevent Unauthorized Access
   You should also password protect access to your device so even if it is stolen, it will be difficult to break into. Ensure that the mobile device locks automatically. Use a strong password or passcode – a simple pattern or swipe password won’t be much of a deterrent for someone with malicious intent, but a strong password prevents anyone from easily accessing personal information. The use of biometric authentication features, such as fingerprint scanner or facial recognition, will also make it harder for others to unlock the device but actually much more convenient for you. You should also review your passcode settings to turn off features that can be accessed even when the home screen is locked, and limit the information that appears in notifications.
4. Travel Precautions
   Traveling can bring unique data security challenges. Using mobile devices in unfamiliar places can expose devices and data to malicious people and software. Before you leave, you should always backup your data. Install and configure encryption software on your devices so if they are lost or stolen the data will be hard to steal. And always keep your phone on you and do not leave unattended in the airport (i.e. don’t plug it into the wall and walk away to buy a water before your flight!).
5. Safe Internet Usage
   Follow best practices for Internet usage. As much as possible, you should choose to use your encrypted broadband or mobile connections instead of public wireless connections, as they are not secure, and connecting to them can expose the device to a multitude of risks. Turn off the automatic Wi-Fi connection feature. If connecting to a public wireless network is necessary, avoid logging into key accounts or financial services. Alternatively, if you have access to a VPN, the use of that secure, direct channel would be a better option as well. Man-in-the-middle type attacks can occur when a User thinks they are connected to a trusted public Wi-Fi network, but are actually connected to a malicious network. Criminals have also been known to target software or components within the device, such as the WiFi or Bluetooth connection, leveraging proximity to the device and gaining access to data. If you’re not using Wi-Fi or Bluetooth, turn them off. Besides avoiding potential attackers, this will also save valuable battery life!
6. Don’t Overshare
   Manage the information you are sharing online as you scroll through your Facebook and Instagram feeds on your phone. Do not share anything you are not comfortable with anyone else in the world seeing. Make sure to also take advantage of privacy settings on social media apps and sites. Some sites will share your location, email, phone number, or more to the public by default.
7. Secure E-mail
   Phishing is a threat for mobile device users as they are often quickly reading messages on the go, and may rush and fail to identify the potential warning signs of phishing. All email best practices apply so it is important to always validate who you are sending messages to, ensure there is no sensitive or confidential information included in your message, and verify senders before opening any attachments or clicking on links.
8. Practice Safe App Usage
   With more than 2 million mobile applications available and that list rapidly growing, it is important that you only download apps from trusted sources. The vast majority of malware comes from unreliable third party application sources.Large application stores like Apple and Google continue to enhance the security of their stores and are actively reviewing the security of apps available for purchase. Other security features are also offered, for example, Google Play Protect can automatically scan an Android device for malware when installing new programs.Mobile application malware also continues to increase, with the number of Android-based malware samples growing significantly from 4 million in 2017 to 5 million in the first eight months of 2018. Any app that has the ability to send URLs is a higher risk as this provides attackers with an opportunity to create social engineering attacks via messages and links, tricking users into providing access credentials or other sensitive information.You also need to pay attention to the permissions requested by downloaded apps. Many mobile applications may access your contact lists, your e-mail, and other personal information without your knowledge (or even with your naïve approval). Limit the permissions and the access any application has to only that required for the application to function. If the permissions requested don’t logically align with the functionality, you may want to reconsider the use of that application.

   Last, but definitely not least, make sure all apps are up to date. Some software vendors may provide automatic updates, but you may also want to go to the App Store and check for
   available updates.

   If you are not actively using an application, uninstall it from your phone. The fewer doors you have into your smartphone, the fewer chances an attacker has to compromise it!

Phones have made our lives easier in so many ways, allowing us to be more flexible with our schedules, remain in constant contact with customers, co-workers, family, and friends, and provide immediate access to e-mail, social media, the Internet, and more. However, with technology enhancements, there are always new risks. Take the steps above to secure your mobile device.

Some additional guidance from CampusGuard’s Customer Relationship Management Team below:

[Allison]: The evolution of cell phone technology is quite amazing if you think about it. Gone are the days of phones in zip-up bags that plugged into your cigarette adapter! Physically, cell phones have gone from big and bulky, to small and sleek. The technology inside of those small and sleek phones has expanded greatly, and with that technological expansion has come the need for greater security. Following the steps listed above can minimize the ways in which your personal information can be compromised. Also, remember that our phones are, for the most part, by our sides at all times. In addition to physical security, think about personal health. Sanitizing your phone on a regular basis reduces your risk of picking up a cold, or the flu even. Sanitizing wipes, or phone sanitizers are relatively inexpensive ways to keep your phones germ free!