First let’s define Mobile Security for our purposes, and why it matters to you. The term mobile security means to safeguard personal and business information stored on or transmitted on mobile devices.
Mobile security can include the following:
- Physical security: Protecting the device from theft or damage.
- Network security: Protecting your data during transmission to and from the device, generally through secure network protocols and firewalls.
- Software security: Protecting the data on the device, using strong passwords and encryption.
It’s essential to recognize mobile security is critical for both organizations and end users. As you know, your data is a roadmap to you, and with so much personal and sensitive data stored on all our devices, it’s necessary to take steps to protect it all.
Rapidly changing technology and portablility means you rely heavily on these devices and that makes you vulnerable to online threats and offline threats.
Common Mobile Security Threats
Let’s examine some common threats so you have a framework for the steps to take to help prevent your information and devices being breached, leaked or stolen.
Malware and Spyware
Malware also known as malicious software is used to cause harm to a device or network, whereas spyware is software that monitors devices and gathers information.
Malware comes in many forms, such as viruses, worms and ransomware. It is often downloaded without your knowledge from apps disguised as trustworthy apps or websites or delivered through email attachments. Once there is malware on your device, it can steal your personal information, damage software, and take control of your device.
Spyware, unlike malware is typically installed without the user’s knowledge and is used to track and log or record activity. There are different types of spyware, including keyloggers, browser tracking and stalkerware that logs all phone calls and text messages.
Phishing and Social Engineering
Another common threat to your mobile devices is different types of phishing and social engineering. These types of scams use tactics to convince you to hand over sensitive or personally identifiable information (PII).
Phishing can come in several forms, but frequently is done as a deceptive email or text message, pretending to be from a trustworthy source, such as your bank or a parcel tracking service. These messages often contain links to a fake website where they ask you to input personal information.
Many of the phishing message are incredibly sophisticated and look to be from reputable sources. If you find yourself falling for the phish, remember it can happen to anyone. Scammers are using technology in new ways and adapt quickly.
Social engineering is manipulating individuals into taking actions or divulging confidential or sensitive information about themselves, others, or their organization. Frequently social engineering involves a phone call from someone posting as a bank employee, a government official or even someone from a delivery service or utility company. Sometimes social engineers send text messages or leave voice messages that appear to be coming from or sent by a family member of friend.
Social engineers also approach in-person, sometimes it’s a stranger asking to borrow your phone or engaging with you at a social event to gather information.
Unsecured Wi-Fi Networks
Unsecured Wi-Fi networks are a threat to your mobile security. When you connect to public Wi-Fi, such as at a coffee shop, you expose your device to anyone else on the network.
You need proper security measures in place so that an attacker on the same network cannot intercept your data, your password or your credit card numbers. If the attacker gets access to your device directly this gives them the ability to view and alter your data.
Physical Theft or Device Loss
If you lose your mobile devices, which is something that can happen to any of us, it’s not too late to protect your data.
Depending on your risk profile or threat model, including your state or country, you may have different considerations to your device and physical safety.
If your device falls into the wrong hands, including all your data and contacts on your device, as well as personal or sensitive photos, you are at risk.
Securing your device in advance to prevent an attacker from accessing the device or your online accounts is a simple step you can take to protect your personal and business life on your phone.
If you’re the victim of intimate partner violence, harassment or stalking, considerations for your safety include mobile device security, and the possibility your abuser has access to your device or a means of installing stalkerware to further track and log your activity.
While this is not a concern for every mobile device user, everyone knows someone touched by harassment or violence.
5 Steps to Improve Your Mobile Security
1. Encryption is the first step in your mobile security plan. Encryption is conversion of data to unreadable format which can only be converted back to its original format with a decryption key. If you use encryption, even if someone gets ahold of your data, it will have no value since it’s unreadable. Be sure to encrypt your devices, iPhones come with encryption as do most newer Android models.
2. Two-factor authentication (2FA) requires two types of identification to allow access to your data. The first factor is something you know, such as a password or pin. The second factor, is something you have, such as an authenticator app, Yubikey, or a biometric fingerprint or facial recognition. 2FA provides an extra layer of security making it more difficult for attackers to get your data. Even if they crack your password, they still need a second factor to access the information on device.
3. Consider using a virtual private network or VPN to help protect your internet privacy and limit what Internet Service Providers know about you. VPN’s can also track your location or log your data, depending on which one you use. However, they do provide an additional level of digital privacy. As with any security measure, not all VPN’s are created equal or good to use. We use Proton VPN which is located in Switzerland and abides by their privacy laws. For more information on VPN’s, please take a look at our Resources page.
4. Backup your data and devices. Remember your phone is a computer in your hand and if something happens to your information, it’s essential you can access your data and transfer it to a new device. Automated backups are relatively easy to set up on most mobile phones and tablets. Save your backup to a separate external hard drive or a trusted cloud service.
5. Update your apps and device firmware, so you’re protected against the latest security threats and vulnerabilities. Apple iOS and Android rollout new updates occasionally. Most updates are security patches to known vulnerabilities on your devices. You can choose to have your updates set to manual or automatic.
You know how we love to help you layer your security, and part of that is making sure you’re prepared and have a plan.
Securing your devices is simple, but it does take a little time to set it up properly. Once you’ve done that, it becomes part of your daily life and routine. 😊
If you need help with locking down your life, be sure and book a strategy session with us.