The amount of personal information stored on mobile devices has increased over the years because of the convenience of use and handiness. They are also used for our everyday transactions whether business or personal. Knowing that our mobile devices have become a key part of modern life, it is necessary that they are secured so that whatever personal information has been stored on them is protected. The necessity to secure our mobile device is borne by the fact that unlike computers they are easily misplaced or stolen. When this happens, every information stored within becomes vulnerable and easily accessible to a stranger if not secured so you should ensure mobile security. With that being said, Mobile security from Lookout will be definitely that one you will need when something like this happens. This article discusses the various security threats to mobile devices and measures that could be taken by mobile app developers, mobile app development companies, and end users.
Security Risks to Mobile Devices
Mobile devices have security risks that could occur from within the device through apps and insecure websites and from outside when stolen, lost or abandoned. It is your duty to take measures against these possible threats. To do this, you have to, first, identify the vulnerability of your device.
Here are some specific security risks to mobile devices:
1. Security risks that occur when the device is stolen or lost. This happens very often, and the risk of leaking personal information when this occurs is very high especially if your device does not have a passcode. Having a passcode will however not make your device impenetrable to hackers. The new owner of your device is most likely going to get information about your email, social media and shopping accounts, your bank details and credit card information, contacts, photos, and videos.
2. Security risks that occur when there is disclosure of data while using mobile apps to the public. This is only a security risk if it is unintentional which it usually is. It happens when certain features of a mobile app request that you add a location or check-in. By doing this, you are unintentionally disclosing personal information, especially about your location when you post pictures, check-in or are tagged in photos.
3. Security risks when a mobile device has been abandoned, discarded or donated for a new device without first wiping out existing information. The new owner receives the device along with all your information.
4. Security risks from fraudsters sending fake messages that appear genuine to trick the receiver into giving or entering personal information and passwords.
5. Spyware attacks on a mobile device from an unverified app or website. The information that could be logged by spyware includes names, phone numbers, email addresses and credit card information.
6. Security risks from using an unsecured Wi-Fi network can also leave information on your device vulnerable especially if you enter them into websites that do not use SSL encryption. That is that does not have an ‘https’ prefix.
General Security Measures For Mobile Devices
These are general security measures against the risk discussed above.
1. Against Stolen or Lost Phones
You should use a passcode on your device; this could be a password, pin or pattern. They are usually for digits but could be rigged to be more if complex or advanced settings is used. This may, however, be ineffective against hackers but not against your average thief. At most, it gives you time to erase the data on your phone before it is hacked into.
Each of your accounts should have a different password. It may be tiring to keep track of each of these passwords, but this measure leaves some or all of your accounts safe when you lose your device. Passwords should also be made to have complex characters including numbers, letters, and signs.
You should enable the remote wiping feature on your account. This ensures that you completely erase the data on your phone if lost from a third party account. For IOS, this will be the find my iPhone App, for Android you could get the Android device manager from the google settings app.
Ensure that you do not store your credit or debit card information on your mobile device.
Encrypt your device such that information will not be easily accessible if connected to a computer.
2. Against Disclosure of Data through Mobile App Features
Ensure that geotagging is disabled on your app, this will ensure that your location is not automatically broadcasted without your permission when you use the app or post pictures.
If there is a check in feature on a social app, refrain from using it except you want your location to be broadcasted.
3. Against Abandoned or Donated Phones
Always reset to factory settings before abandoning or giving your device away. This will ensure that personal data is wiped off the phone.
Remove memory card if any is attached to the device.
Always remember that an abandoned phone could easily become stolen, so wipe off data immediately they are stored on your new device.
4. Against Fraudulent Messages
Review every message you get requesting for personal information to check for bad grammar and typo. This is usually a sign that the message is not from a genuine source.
If you are suspicious about the source of a message, you should call your service provider, not the number listed in the message to confirm if it is genuine or not.
5. Against Spyware Attacks
Ensure you update your device software as often as possible, manufacturers use such updates as plugins against spyware.
Keep an eye on app permissions. Ensure you review before granting them. Where an app is requesting you grant permission to access information on your app that is not required to use such App, you should be quickly alerted.
Do not change your phone security settings as factory installed. This makes it vulnerable to attacks.
Install an antivirus on your mobile device.
6. Against Unsecure Wi-Fi Networks
Be careful while connecting to networks in public places like cafes, restaurants, and hotels. Connecting to unsecured networks is a sure way for your information to be accessed by hackers.
If you must use unsecure networks, then only log into sites that have SSL encryption.
How To Secure IOS Devices
1. For 4 Digit Passcodes – Settings -> General -> Passcode
2. For Longer Passcodes – Settings -> General -> Passcode -> Complex Passcodes
3. To enable wipe data after ten failed passcode entries – put ON the erase data toggle on the Passcode screen.
4. To wipe your device remotely if lost, you should have first enabled the ‘find my iPhone’ feature, to enable go to– settings->iCloud->enter Apple ID and Password->turn ON the toggle for find my iPhone.
5. When lost or stolen – iCloud.com/#find, enter the details requested and the select the device you want to erase, click erase device in the new window and enter Apple ID.
How To Secure Android Devices
1. For Passcodes – Settings -> Security -> Lock Screen
2. Face Unlock
3. Remotely Lock and wipe your phone using Android Device Manager.