A lot of us use a mobile device (a phone or tablet) so frequently that we consider it to be our primary computer. In a lot of ways, mobile device security is the same as workstation security, except for the fact that the device stays with us wherever we go. The convenience of taking our data everywhere with us, though, can come at the cost of security. Here are three simple ideas for how to keep your mobile devices—which often carry data more personal than the rest of our devices—secure: 1) keep your OS and apps up to date; 2) keep your device physically secure from theft and damage; and 3) manage passwords and sensitive information well.
But first… the bad news. Mobile devices are prone to attacks by state actors, intelligence agencies, and other very capable attackers. A lot of the security vulnerabilities that we hear about are very effective and stay unknown for a long time. In other words, if state agencies are after you, there’s little to be done to stop them from accessing data that they want. Both hardware and software vulnerabilities tend to be found after they’ve been exploited, but once they are made public there’s typically something you can do about them: update your device’s software.
Updating should happen automatically on most mobile devices running Android or iOS, usually when the device is connected to Wi-Fi and charging. If you have changed this setting for any reason, it’s time to turn it back on. The updates to your apps and operating system are the only way to know that you are using a secure version of that software; known vulnerabilities get an update once it’s possible for the developers to fix them.
It may seem obvious, but keeping your phone safe starts with keeping it physically safe. That clearly helps you avoid accidentally breaking or losing it, but it is less obvious how it keeps your data safe. Personal data breaches can occur when you need the device repaired and have to turn it over to a manufacturer or other hardware repair company. Even a company that prides itself on its security may use contractors who are not always as reputable.
A more common problem is losing a device or having it stolen. If you use the “Find my device” feature on Android or the “Find My iPhone” feature on iOS, you can rest a little more easily when it happens, since they’ll help you find a lost device or disable a stolen one. Most platforms encourage you to do automatic backups of your data to an iCloud or Google account, which will help you feel better if you have to put a phone in “lost mode.”
Passwords and Authentication
In case a malicious actor ends up with your phone, you want to make sure that your user authentication (screen unlocking) is strong—be it a fingerprint or an unlock code. If your device is lost or stolen, a reasonably strong unlock code can stand in the way of an unsophisticated attacker simply opening your phone or tablet and gaining access to everything. Under no circumstances should a mobile device—at least, one that is logged into websites or apps as you—go without a lock screen code. Depending on how you set up the rest of your passwords and logins, getting past the lock screen could grant access to all of the rest of your personal information.
A lot of devices also use the unlock code to encrypt all of the data on the device, meaning that the code is used to securely store all of the pictures and documents on it. Typically, this helps prevent someone from being able to plug your phone into a computer to break into its files. It’s one extra step of protection, at least when it’s done correctly. If you aren’t currently using encryption on your device, consider enabling it the next time your phone needs the operating system installed.
-Written by Derek Jeppsen on Behalf of Sean Goss and Crown Computers Team