Security and Your Mobile Device

There are several action items I perform at the start of each year. I repeat many of them several times a year, but I find that the New Year is always a good time to reexamine my privacy and security protocols to be sure I’m up to date.

Today, let’s focus on the security of our mobile devices or, as some call them, smartphones.

Like many members of the Self-Reliance Institute, I find that I use my mobile device more and more to conduct personal communications and professional business. Whether it’s texting with friends during a big sporting event or answering an important business email, my mobile device allows me to stay connected.

But, of course, hackers and identity thieves know that Americans are using mobile devices in ways that are rapidly replacing the use of PCs and laptops for sensitive communications and transactions. So the bad guys are getting more creative and industrious when it comes to attacking mobile devices.

For that reason, it’s important that we take steps to be sure the security of our mobile devices is as good as it can be.

This week, Network World had a slideshow, “7 Security Mistakes People Make with Their Mobile Device,” containing a good, concise list of “smartphone security slipups” we should all consider when it comes to our mobile devices.

If you like, you can follow the link for the complete slideshow. But, quoting from Network World, I’d like to highlight four of the most common mistakes I believe folks make with their mobile devices. Mistakes that can make it far more likely that you will be the victim of identity theft or cyberespionage.

Failure to lock down your device – “While it may not be the most effective form of security – in fact, it’s arguably the weakest – it’s still a first line of defense. Whether it’s locking your phone with more advanced technology like the iPhone 5S’s fingerprint scanner or using a more simplistic method like a PIN or password lock, locking your device locally can be the differentiating factor that keeps your lost phone protected long enough to track it down or wipe it remotely.”

Not having the most up to date (and therefore the most secure) versions of your apps – “Apps are often released with vulnerabilities, and sometimes those security flaws even manage to persist throughout multiple updates and iterations of the software. By the time developers finally get to patch the vulnerabilities in their apps – like the recent issues with the LinkedIn Intro app for iOS that allowed attackers to easily spoof profile information — users could be multiple versions behind if they aren’t diligent about keeping up. Keeping your software up to date by downloading updates as soon as possible after they are released can prevent users from posing a security risk to their companies simply by using their apps.”

Opening questionable content – “There are a number of ways users can access shady content via their mobile device. Messaging poses a particular threat in the form of SMS. Spam texts containing links to sites that pose threats are not unheard of, for example, and users should avoid opening links from sources they don’t recognize.

“Equally risky is downloading apps from third-party app stores. Apple and Google may not be flawless in their approach to weeding out questionable apps from the App Store and Google Play, respectively, but at least there is some sort of screening process. When you download software from untrusted sources that are not, for example, Google or Apple approved, there’s no telling what kind of malicious software you may end up with.”

Using public or unsecure Wi-Fi – “When it comes to using Wi-Fi instead of your phone’s data connection, stick to what you know is secure, like networks with WPA2 encryption. Open, unprotected networks are entirely too risky, especially for users that are carrying sensitive company data on their devices. Aside from making it all too easy for others to access your mobile device’s information by sharing the same network, public Wi-Fi can even allow attackers to hijack your device through your apps. A vulnerability was recently discovered in some iOS apps, for example, that allowed attackers to intercept the traffic between the app and a public Wi-Fi server and instead send their own data to the victim’s phone, including malicious links or fake news.”

I can tell you from first-hand experience and observation, if you follow all four of the above suggestions, you will dramatically decrease the odds of your mobile device being hacked and the important information it contains being stolen by an identity thief or cybercriminal.

Of course, for really sensitive communications and transactions, you may want to wait until you know you’re on a properly secured PC. After all, it’s always better to be safe than sorry!

Be safe and secure,

Rob Douglas

[email protected]