We are fortunate to live at such a time, when so much technology exists to make our lives easier, or more convenient. Unfortunately, we also live at a time when vulnerabilities in these systems is exploited by, and for the benefit of, bad actors. That will never change, human nature being what it is. It remains for the users and consumers of this technology to do all they can to protect themselves and their private information.
Statista (a company specializing in market and consumer data) completed a survey which indicates 85% of adults in the US own a smartphone. And we use our smartphones for everything. Dinner reservations, GPS for navigation, purchase theater or movie tickets, streaming videos, browsing Facebook, Twitter and Instagram, banking, shopping… there’s no end to what we can do. But we should be more careful about how we do these things, and where we do them. Here are a few pointers on how you can use your mobile device a bit more safely.
Where do you get your apps?
One of the most important things you can do, is download apps from legit app stores. If you use an iPhone, get apps from the App Store; if you use an Android phone, get your apps from the Google Play Store. While this doesn’t guarantee that the app is safe, it does offer you the opportunity to research the app, read user reviews, and see whether the app has a small number of downloads, or a lot of downloads for credibility sake. These can be indicators of how trustworthy the app is, how long it has been around, and how many times has it been downloaded.
What permissions is that app requesting?
Once you do decide to download an app, take note of what permissions it’s requesting. Does it want access to your contact list? To your photos? To your camera and microphone? Access to modify system settings? Access to data storage? Keep in mind while distributing permissions that if and/or/when there is a vulnerability that gets exploited on an app you use, hackers will have that same access to your device and the contents on the device as you granted to the app. Periodically, review the apps on your mobile phone and what permissions they are requesting. Disable any permissions that aren’t necessary for the app to work. If you don’t use an app any longer, uninstall it.
In 2019, WhatsApp experienced a cybersecurity breach that left users vulnerable to malicious spyware installed on their phones. The vulnerability allowed attackers to inject spyware on the phones by simply calling targets using the app. Whether the call was answered or not, the malicious code was still transmitted to the device. Another data breach occurred which exposed personal mobile numbers for users of WhatsApp. With these two events, the keys to the kingdom were practically handed out to anyone who wanted them. Pay attention when there are news reports of data breaches, whether it be for a mobile platform, an app you use, your mobile phone provider, or any other company you do business with. Once you learn about a breach take steps to mitigate your potential exposure. This can be as simple as changing the password on that account.
Be aware of how you are connecting to the internet with your mobile device. Are you sitting in Starbucks, enjoying your Grande Mocha Latte half caff with whip while browsing the internet, or shopping at your favorite online store using Starbucks public WiFi? Or even just checking your email on public WiFi? Accessing any site or service that requires you to log in with credentials, or send financial information, can expose the information you’re accessing to hackers who are also using that open WiFi connection. Then, they can capture the information and exploit it.
Poor Password Security
According to a Google/Harris poll in 2019, more than half of Americans reuse passwords across multiple accounts. Hackers can easily gain access to lists of leaked passwords, thereby gaining access to hundreds, if not more, accounts. Every account that uses that same password is now an open book. Don’t use simple, easy to guess passwords; have some length and complexity to them. Use numbers, long phrases and symbols. Regularly check if you have been the victim of a breach on haveibeenpwned.com.
Ok, now you know that you should not reuse passwords, and they should be complex and hard to guess. So how will you keep track of them? There are several good password managers available, both free and paid (additional features available on paid accounts usually). Search for password manager reviews and take a look at what’s out there. Be aware that some reviews may allow the writer to get a commission based on clicks/purchases from the reviewer’s site. That’s not necessarily a bad thing, just be aware of it and read reviews from several sources before deciding what will suit your particular needs. When you set up your master password for that account, make sure it is a very strong, complex, yet easy enough for you to remember, password that isn’t reused on any of your other accounts.
Multi-Factor Authentication is an extra layer of security required in addition to a username and password. There are a variety of ways to suffice MFA including knowledge, like an additional PIN, things you have in your possession, like having a code sent to the mobile device in your possession, or something biometric, like a thumb print. We cannot recommend making sure MFA is turned on enough. This is such an important security step. For newly downloaded apps, MFA is likely something that is offered nowadays upon set up. However, we recommend going back into apps you have had on your phone for a long time and ensuring MFA is set up. Many times is the case that apps you downloaded a long time ago were not pushing MFA, so you likely have several that you do not have MFA set up on. It is very much worth going back to check.
One of the best things you can do to limit the vulnerability of your mobile device is to keep it updated. The phone manufacturer and software developers periodically release updates for their apps. While there may be some new features, more importantly there are updates that are to patch known vulnerabilities. Known vulnerabilities will be exploited by hackers, so just slam the door in their face by keeping your phone’s operating system and applications up to date. Added benefit? Your device will perform better! There will come a point at which the manufacturer will no longer provide security updates for their device, when it becomes too old and the hardware is inadequate to the current demands, but that is usually several years down the road from initial release.
I hope with these tips you are better able to protect your, and your family’s, data. While these devices can be quite powerful and often replace a home computer, they can open the doors for exploitation quite easily. As Peter Parker’s uncle said, “With great power, comes great responsibility”. That holds true with your mobile devices. The great power they provide is very enticing, but you are in charge of traversing that road responsibly.
If you would like assistance ensuring you and your company are secure, please contact us and we would be happy to help.