The number of mobile phone users has now surpassed 5 billion people. Each one of those users will be walking around with their most personal and vital information in their pockets, which is why cybercriminals are looking for ways to exploit vulnerabilities in apps, operating systems and software, and trying to capitalize on security flaws before manufacturers find and patch them.
For example, hackers are hijacking people's cell phones by tricking mobile service providers into thinking they're you. The goal is to get the company to transfer your telephone number onto the hacker’s mobile device. Once it's switched, scammers can access your bank accounts, credit cards and even your social media. It's called SIM hijacking, and almost anyone with a cell phone could be a victim.
As with any aspect of cybersecurity, you are in a never-ending race to stay ahead of the hackers. The good news is that there are a handful of components and personal best practices you can use to put mobile device security in place on any device.
Virtual Private Network (VPN)
The odds are that you've connected your mobile device or laptop to an unsecured Wi-Fi hotspot at a coffee shop, airport or other public place. We recommend that users avoid free Wi-Fi whenever possible, but if you do use your phone in public spaces to connect to the internet, it’s essential to use a virtual private network (VPN).
Most people probably think of a VPN as a service used on their laptops, but mobile VPN services are perhaps even more important for phones, tablets and other devices. A VPN is an encrypted connection over the internet from a device to a network. The encrypted connection helps ensure that sensitive data is safely transmitted. It prevents unauthorized people from eavesdropping on the traffic and allows the user to conduct remote work safely.
We recommend the use of two-factor authentication to secure important information on devices, which includes push-based authentication, QR code-based authentication, one-time password authentication and SMS-based verification. SMS-based verification is the most popular method, typically involving a passcode which is sent to your mobile device by text. However, SMS has a major flaw in that if a phone is compromised, cloned or stolen, a hacker would be able to steal the code and log into your apps.
Just as your PCs and office networks need monitoring and antivirus software to alert you to outside attackers, your mobile phone needs a similar system. Endpoint security is software that can protect mobile devices by monitoring the files and processes on every mobile device that accesses a network. By constantly scanning for malicious behavior, endpoint security can identify threats before a hacker can compromise your system. When it finds malicious behavior, endpoint solutions quickly alert security teams, so threats are removed before they can do any damage.
Only YOU Can Prevent Hackers
In addition to the systems mentioned above, there are several important steps you can take to make sure your mobile devices don’t become easy targets. Since cybercriminals usually cast wide nets to reach more potential victims, mobile users should protect their devices early on to defend against threats. The following are some of the easy steps that can be done to protect your mobile device:
Regularly update the operating system and apps. New vulnerabilities are always discovered, and vendors work to patch their applications and software as soon as they're available. For iOS, users can check for system updates under Settings > General > Software Update. Android users can look for it under Settings > About > System Update.
Download apps from trusted sources. According to an Android Security Review by Google, harmful apps are still the biggest threat to Android users. Certain third-party app stores have proven to be more likely carriers of malicious apps, so always download from trusted sources. Users should also do their due diligence and check reviews or comments on the app page to make sure it’s legitimate. Users who use mobile payment and popular gaming apps should also be cautious as they have become hot cybercriminal targets in the past.
Check for available Apple iPhone updates in the App Store. Android users can do the same by going to the Play Store. Use relevant built-in security features. You can improve your mobile device’s security by using built-in anti-theft apps like Find My iPhone. This app can help you locate your iPhone, track where it is or where it’s been, and remotely erase data in case you can't recover the device.
Dodge iPhone security and privacy issues by reviewing app permissions. Apps sometimes require more than the basic default permissions. Make sure the installed apps only have access to features they need. Review which permissions they’re allowed to use as subsequent updates and bugs might have caused them to leak user data. iOS users can configure that under Settings > Privacy.
Check Android app permissions. Go to Settings > Apps & Notifications > App Permissions. Users can also grant permissions to apps while the app is running, which gives more control over the app’s functionality. If an app displays a message saying it needs a certain permission, users can decide at that time if it’s necessary.
Minimize location access. Location services or settings, which is usually part of the quick settings feature of iOS and Android, allows apps and websites to use information from cellular, Wi-Fi, GPS networks and Bluetooth to determine a user’s approximate location, which could be cause for concern. When allowing permission for location access on iOS devices, it’s recommended to only select While Using the App instead of Always, as it prevents a malware-ridden app from running in the background and stealing a device’s location information.
Avoid connecting to unsecured Wi-Fi networks whenever possible. Turn off the automatic Wi-Fi connection feature on your smartphones or tablets. If connecting is necessary, avoid logging into key accounts or financial services and use a VPN to secure data sent and received online.
Be wary of unsolicited calls or messages. Attackers use a variety of methods to get users to download malware or reveal personal information. Scan or verify any messages, calls or emails from unknown senders before opening.
This may sound like a lot of work, but a big part of internet security involves common sense. As a mobile phone user, you should learn how your phone works and all the ways it can make your life easier. Whenever you see a message or notification that you haven’t seen before or looks strange, take a minute to inspect it and make sure it isn’t malicious.
If you are concerned about mobile security for your business, check out the cybersecurity guide below, and contact your friends at the Gordon Flesch Company for a free assessment of all your cybersecurity needs.