The proportion of smartphone use, and time spent online using a phone or tablet compared to a laptop or desktop PC continues to increase. That being the case you would think that the kind of security-aware practices adopted by laptop and desktop users more than a decade ago would also now be standard practice for smartphone users. Think again.
The following article details a basic list of security measures that you should adopt as a minimum to protect your smartphone data.
Lock your phone
Locking your phone is a no-brainer, right? Contrary to what you might think, not everyone secures their smartphones with some form of authentication. A recent report revealed that a third of smartphone users don’t use any form of screen lock.
This is a basic as it gets. You should always lock your device using a code or swipe pattern that is not easily guessed like 123456 or an ‘L’ shape. Ideally, you should use multiple factors where possible, like a combination of a password/PIN and a biometric feature, like your fingerprint or face recognition.
Don’t jailbreak your device
It may be tempting to root or jailbreak your smartphone, but all major manufacturers advise against it. It will usually invalidate your device’s warranty and exposes it to unnecessary risks.
Only get apps from the official store
Combining a rooted or jailbroken phone with an unofficial app store, can quickly lead to problems. Apps on alternative stores don’t go through the same approval process as those in the official stores, which means it’s easy to download a malicious app that may cause havoc on your phone. Bear in mind that the official stores regularly find malicious apps and have to remove them, and that’s with the rigorous approval process, how bad do you think it will be in the unofficial world?
Beware apps permissions
As you know, phone apps request a variety of permissions so they can perform their magic. Like most people, you probably just quickly cast your eye over them (if at all), and tap accept. That approach may be convenient but it’s also risky. You should always review the permission list requested by an application before you allow it to proceed. If you accept too easily, you may be granting bad actors access to spy on you or to steal your data. You need to ask the obvious questions, like, does a torch app really need access to your microphone or camera?
Installing security software
The value of using security software to protect smartphones is usually underestimated. This is probably because people still consider it to be a phone more than a pocket personal computer, which is what it actually is. Whatever the reason, we see time and time again that smartphones are susceptible to attacks in just the same way PCs and laptops computers are. Reputable security software like Malwarebytes could save you from annoyance or serious problem.
Remotely wiping your device if it is lost or stolen is the ultimate security fallback. As extreme as this may sound, it is a good option to have if you store sensitive data you don’t want anyone to see. Both iPhone and Android phones have remote wipe facilities, but you must ensure things like location services are turned on for it to work so make sure your device is configured correctly to allow remote wipe.
Always back up your data regularly – at least monthly or more frequently if necessary. In the event you become a victim of a malicious attack that may corrupt or lock your files, you will have a clean copy of your data that you can use for recovery.
Encrypting your data is also an important step than should not be overlooked. Encrypting the files on your smartphone will give the bad actors a run for their money and make it more difficult for them to successfully access your data.
Patching is a cornerstone of security management. To lower the chance of issues from malware and attacks you should always make sure you install the latest official updates on your device. Most updates contain security patches that help keep you protected by fixing the vulnerabilities that allow attacks to happen.
You may want to dispose of your phone or pass it on to a friend or family member or maybe sell it to someone you don’t know. If that is the case, there are several steps you should complete to dispose of it safely. Whatever the device, it will include logging out of all the services you use and encrypting the drive before wiping it. Lists are available online for securely wiping all device types.
Phishing scams are rife and although email is the most popular delivery method, it is not the only one. Learn to be wary of all form of messaging. Scammers often send out text messages that contain infected links that can lead to all types of malware infection. In recent times, attackers have been engaging in more sinister attempts. You may receive calls from international numbers from countries you have never had any interaction with. By calling the number back you can be charged extortionate prices. Never call numbers back that you aren’t expecting.
Don’t think it can’t happen to you
With luck and a little planning, you’ll never have to deal with the result of a security breach or one of your accounts being hacked but accepting that the possibility is always there may help you avoid it. Being prepared is no bad thing. From securing your device, to having backups at the ready, or having the option to remotely wipe your device, you can prevent attacks or reduce the damage to a minimum. If nothing happens, great. If something does, you’re ready to deal with it.