Security tips for PCs encourage you to be more sensible with your password, to install anti-virus software, and to make regular backups in the event of a ransomware attack.
But for some reason, these same lessons aren’t transferred to our smartphones. Mobile malware is a massive threat, an area in which cybercriminals are focusing their efforts. Cybercriminals have correctly identified smartphones as a gateway to riches, and pivoted their attack vectors, and adding new ones, to target victims through their phones.
Smartphone Security Risks
The risks from mobile malware and smartphone security issues are clear. Consider the information you have stored on your iPhone, Android, Windows 10 Mobile, or even BlackBerry (or Ubuntu Phone — all mobile operating systems are at risk). These devices store your name, they store your contacts. Personal data and business/professional data is also likely to be stored on your phone. This represents a double payday for hackers — and double the risk to you.
There’s an additional risk, too. Should a device be lost, stolen, or stop functioning, you’ve lost everything that was on it. Unless a cloud backup sync was in place (which a thief or hacker might now gain access to), you would have to start from scratch.
Security Threats Targeting Your Smartphone
The most obvious threat to your smartphone security is through physical theft. Beyond this, there are several online risks to your smartphone and its data.
For example, mobile apps are a concern. Even those produced by the biggest names in software are not immune to vulnerabilities. Factor in issues with fake apps, with mobile malvertising (find out about malvertising), and other security risks, and you’ve got a considerable (and, perhaps, oversubscribed) attack vector targeting your phone.
There’s more. Mobile banking malware is on the rise, for example, as is mobile ransomware. Web-based threats target your smartphone, again with the malvertising threat. You should also be aware of the threat from unsecure Wi-Fi connections — these are a particular risk in shopping centers and cafes.
So, six threats, each targeting your phone in different ways. Is there anything you can do to mitigate them? How can you defeat the smartphone scammers? We’ve got 10 steps you can follow to keep things more secure.
1. Don’t Click Links in Messages and Emails
Pretty much every medium offers clickable links these days. SMS, for instance, displays text messages with HTML formatting, meaning the links are clickable, rather than just in plain text.
The same is true of online messaging services, from Skype to Facebook Messenger. Emails, of course, feature clickable links.
These messaging mediums are used as attack vectors by scammers desperate for you to click on their links. Once you fall into their trap, you’ll be taken to a cloned website, and fooled into submitting your personal data, for the scammers to use later. Or you’ll unwittingly download malware to your computer. Trojans, adware, ransomware — they’ve all been transmitted through email, SMS and instant messaging.
2. Exercise Caution When Installing Apps
Need to install an app urgently? Wait.
Before installing any software on any mobile (or desktop) device, you need to know a bit about it. You’ll find full details of the app in your mobile platform’s app store, so spend a few minutes reading about it. Find out more about what the app does, and what permissions it requires.
You should also check through the reviews. Does the app do what the description claims? Are there any poor reviews? Do bad reviews set off alarm bells, or explicitly state that the app is dangerous? And when was the app last updated? If it wasn’t in the past six months, you should look for an alternative.
As for choosing an app store, you should stick to the trusted options. In the case of Android, this means sticking with the Play Store. For iOS, get apps from the App Store, and don’t jailbreak.
3. Log Out After Online Shopping
Like to compare prices when you’re out shopping, and making a cheaper online purchase as you walk through the mall? Perhaps you prefer the convenience of shopping on your phone from the office? Either way, whether you’re shopping via an app or a mobile website, you need to logout when you’re done.
Well, so is having your phone stolen. So is having your account accessed by a stranger, your credit card accessed and misused. Very inconvenient.
4. Keep Your Operating System and Apps Up-to-Date
This is one of those facets of computing that cannot be repeated enough, and it also applies to mobile phones. Whenever you spot an update is available for the operating system, make sure it is installed. If not straightaway, then as soon as you’re connected to a suitable wireless network.
System updates often include fixes for vulnerabilities, and the sooner these are closed, the safer your smartphone will be.
The same goes for apps. Make sure you have given permissions for your app store to automatically updated installed apps. When software developers release updates, they’re often does for security and stability, so it makes sense to install them.
5. Disable Connectivity and Location Services
Need to stay online 24/7? No, you don’t. Anyone who needs you that urgently will send a text message or — amazingly — use the phone.
If you’re not accessing the internet, not browsing Facebook, not sending an email, then you don’t really need to be online. So while you’re not using your online access, switch it off! The same goes for Bluetooth, too. No headset or keyboard required right now? Disable Bluetooth, even if it’s the “low energy” Bluetooth 4.0 LE specification.
The same goes for location services. If you want your smartphone to be truly secure, you need to deal with privacy. Disable location services unless you absolutely need them (for using a map, for instance).
6. Keep Personal Information Private
When you’re online, you don’t know who is reading what you send. Even if your social profile is private, if a friend has their account compromised, much of your personal information will come to light.
When you receive messages, you need to be 100% certain that the sender is genuinely who they claim to be. If not, trouble will follow. Take, for example, the stranded traveler phishing scam, which uses a cloned social networking profile to fool you into wiring money to a “stranded” family member or friend.
Don’t reply to messages you can’t guarantee are genuine, and don’t share personal information.
7. Don’t Use Jailbreak/Root Your Device
While there are many good reasons to gain root access to your device (using Jailbreak on iOS or a rooting tool on Android), the truth is, it gives third-party apps an opportunity to leave your phone open to remote attack, intentionally or not.
But if you’re a fan of customizing iOS or installing custom ROMs on Android, you’re in a tricky position.
So, as much as we love the power that rooting/Jailbreaking gives you, it is time to give this some real thought. Do you want to open your phone up to potential issues and security threats just to gain some functional improvements?
The choice is yours. Why make the cybercriminal’s job easier?
8. Maintain a Backup Regime
What happens to the data on your phone if the device is lost, stolen or locked with ransomware? If you enjoy smartphone photography then your hard work could be lost. Your MP3 collection, vital email attachments, and more might also be lost.
To avoid this, you need to make backups of the contents of your smartphone. Manually backing up your data via USB cable is one option for Android users, but apps are available that do this. For iOS, a full backup of your phone can be made via iTunes.
If you’re using cloud storage, make sure that your vital files and folders are synced to the account, regularly updated, and readily available from other devices. Check this before the worst happens.
9. Use a Mobile Security Suite
You use security tools on your desktop computer. Why should the pocket computer in your hand be any different?
While you probably won’t need a security suite for iOS (although looking at the sharp increase in security issues for iPhone and iPad over recent years, you may want to modify that outlook), it’s a very good idea to install one on Android.
Android is a more likely target than iOS, so installing a competent security suite that will deal with malware of all kinds is a good idea. We’re not just talking viruses here. Ransomware, spyware, Android adware and Trojans can all be detected, blocked and removed with security tools.
Our guide to the best Android security suites should help you out here.
10. Physically Protect Your Device
We talk so much about antivirus for mobiles, and logging out of apps, setting a PIN, etc. that we often overlook that a smartphone is a physical device. Like every object, it can be locked away, or hidden.
If an object is hidden, no one is looking for it. Scammers and hackers look for low hanging fruit, quick opportunities. When people are leaving their phones on tables in bars, you need to learn to keep yours close by, using a hidden pocket, perhaps, or in a zipped inside pocket. In the street, rely on a Bluetooth earpiece rather than wave your phablet around.
At home and at work, maintain this philosophy. Keep your phone locked away when it isn’t in use or required. Got a meeting? Keep it out of sight. Intensive work session coming up? Lock it in your draw, lest it go walkabouts while you’re hammering your head on the desk trying to get the figures in your report to add up.
Check our guide to physical security tips for smartphones to find out more.
That’s quite a list, but fortunately the steps in it are quite straightforward. Have you been affected by cybercriminals who attached via your smartphone? Is mobile malware a problem for you? Tell us in the comments.