Smartphone Security Tips
In Christina’s Blog post “Hackers Crushed My Smartphone During My Candy Adventures!”, Christina mentioned that we would be providing more information regarding cybersecurity and how it relates to smartphones in later posts. Well, todays’ post focuses on these more specific smartphone security recommendations.
Now Christina and I have two contrasting personalities, as you can tell from the style of our blog posts. And given that, it should be evident that one of us has an Apple IPhone and the other one has a Samsung Android Smartphone. It is probably obvious that I am the risk adverse one of our team, I definitely prefer the security that Apple and the IPhone provides vs. the less secure and more vulnerable Samsung Phone and Android operating system. Now I am sure that some Android smartphone users would beg to disagree concerning which platform is more secure, but I would just say that it is my opinion. I am a geek and, yes, I have read the Apple iOS Security Guide. If anyone wants to debate this, I would say to read Apple Security Guide and then explain to me how Androids Security is better. Now, I am actual being facetious about debating whether iOS is more secure than Android. I am sure that the last thing anyone would want to argue about is what smartphone OS is more secure. I am sure Christina would be 100% in agreement of this fact. But I just wanted to say that yes, Apple has put a lot of thought into their IPhone operating system security. Since I don’t have an Android Phone, I am not as familiar with their security strategy, but I am sure a lot of work is put in securing the Android Platform also. But the truth is, both platforms have risks and vulnerabilities which can be minimized with better cybersecurity practices while using these smartphones. And given the amount of personal data, such as personal correspondence, photos, financial information and credentials, that can be revealed to strangers if someone was able to access the smartphone, it is smart to protect yourself by securing your smartphone.
The FCC provides a Smartphone Security Checker (http://www.fcc.gov/smartphone-security) on their website which lets you pick the type of smartphone you have, and it will produce a list of smartphone security advice specific to your smartphone. I would recommend you check this site out. That being said, there are common security advance to apply to both Android and Apple iOS platforms:
- Set a passcode. Let’s face it, smartphones are pretty much portable computers where the owner can do quite a bit on the phone and in which Personally Identifying Information (PII) are stored, and critical data may be generated. Thus, it amazes me that it is estimated that at more than 30% of people don’t password protect their mobile devices. If your iPhone is stolen, the passcode will insure that the thief can’t access your data. The simplest and most efficient way to protect your data is to use a strong password instead of a simple 4 digit pin code for unlocking your smartphone. It’s a good idea to use a combination of letters, digits and symbols. It’s even better if the password is requested immediately after the lock screen, without a delay. Now, like everyone, I don’t like typing a password on my phone for convenience purposes. Thus, I don’t have a password on my personal IPhone. But I do make it a little more difficult by using a 6 digit passcode instead of 4 digit passcode. I do this by turning off the simple passcode feature. But I do use password on my work IPhone because of the sensitivity of my information associated with work.
- Logging in with the Touch ID. If your device sports Touch ID fingerprint scanner (iPhone 6 Plus, 6, and 5s) or some other biometric scanner (Android devices) it is recommended to use this for your login as it is more difficult than a 4 digit passcode which can be guessed with enough time.
- Beware of social engineering and shoulder surfing when entering passcode. Given my career choice, I have a tendency to practice social engineering and shoulder surfing while out in the public to see how easy it is for me to observe other people to enter their passcode. There were several times when I have seen people type in passcodes at the store, and I just wanted to walk by and recite there passcode out loud in hopes that they would learn how easy is for someone to observe their passcode. Since many people use banking apps on their smartphones, I would said to guard your passcode as you would your Bank ATM number.
- Enable your “Find My IPhone” option on your IPhone or make use of Google’s Android Device Manager Website. If your iPhone does get stolen, Find My iPhone may be the way you get it back. This free feature uses the phone’s built-in GPS to pinpoint its location on a map so you can track it to its current location. It’s a great tool for finding lost devices, too. Google’s Android Device Manager Website lets users find the device, ring it (the device emits a loud noise so you can find it), remotely lock the device or erase the data.
- If you sync your smartphone with your computer, the data from your phone is also stored on your desktop or laptop. That means that the data is potentially accessible by people who can get at your computer. Secure that data by encrypting those backups. This prevents someone who doesn’t know your password from getting access to your data by using your computer.
- Set the wipe feature on the smartphone. Some smartphones allow you to set your smartphone to lock right away and even to wipe your data after too many failed authorization attempts. You can set your device to erase all data on smartphone after 10 failed passcode attempts. But keep in mind that all the data will be erased forever and you won’t be able to recover it, so it’s best not to forget your password and also wise to back up your phone to your computer weekly just in case. I once entered my password incorrectly on my work smartphone 10 times had had it erase all my data. I had a habit of typing my password quickly, and after the first 5 attempts, I realized that I had recently had to change my password due to my work policy. Once I got to 9 attempts, I realized that I didn’t remember what I changed it to, and yes, number 10 erased all the data on my phone. Luckily my work had daily backups of my emails and smartphone, so it was easy to resynch but took a little time. Thus, I highly recommend consistent backups if you implement this function.
- Download apps only from trusted stores. Only download mobile applications from authorized application stores like the Apple App Store or the Android Market. Be cautious about what applications you download by checking the ratings and comments of new apps prior to installing them. Also, be aware of what the app does and what information I may access on your smartphone.
- Turn off Wi-Fi and Bluetooth® when not in use. Thieves can use these access means to connect to your device and access files on your phone. Although they provide an easy means to connect devices such as headphones and speakers to your smartphone, just make sure it is turned off to minimize risk of someone connecting to your smartphone via these access points.
- Log out of sites after you make a payment. If you bank, shop, or log in to any account from your smartphone, log out of those sites once your transactions are complete. Also, we recommend not storing your usernames and passwords on your phone and avoiding transactions while you are on public Wi-Fi.
- Keep your operating system and apps updated. There are typically periodic updates to both of these that not only add new features, but also probably include security fixes to previous versions.
- Do not modify your smartphone’s security settings. We definitely do not alter security settings for convenience. These features are there for a purpose. Tampering with your phone’s factory settings, i.e. jailbreaking, or rooting your phone undermines the built-in security features offered by your wireless service and smartphone. Unless you are a tech geek, really there is no reason for jailbreaking or rooting your phone.
- Be smart on open Wi-Fi networks. When you access a Wi-Fi network that is open to the public, your phone can be an easy target of cybercriminals. You should limit your use of public hotspots and instead use protected Wi-Fi from a network operator you trust or mobile wireless connection to reduce your risk of exposure, especially when accessing personal or sensitive information. Always be aware when clicking web links and be particularly cautious if you are asked to enter account or log-in information.
Taking these basic precautions to prevent bad things from happening with your smartphone. The key thing to remember with smartphones is some security practices will probably deprive your smartphone of some of its helpful features, but at the same time will better protect your data on the smartphone. You can choose what you’re ready to sacrifice for the sake of security — it’s completely up to you. But, I would recommend you ask yourself, what can a thief compromise if you do not do this and your smartphone is stolen or lost. Knowing that your data is protected and secure will make you glad you follow these tips in case you ever lose or misplace your smartphone.