Security Threats to Your Mobile Device and How to Thwart Them
Remember a time when “data breach” was an unknown concept, and the biggest fear associated with your digital life was contracting a virus on your home computer that might leave you vulnerable to a vicious pop-up attack?
Ah, the simple life.
Gone are the days of blind faith in the systems that sustain us.
In these fast-paced days of constant connectivity we have become entirely dependent on mobile devices to keep us tuned in to the ever-changing landscape of technology. And it’s a jungle out there, fraught with hidden dangers and would be attackers ready to strike at us through our hand-held devices.
When you consider the fact that we use the same devices to connect to our workplaces, access banks accounts, and to share sensitive information it is imperative that we take a good look at the hidden dangers and even more important, that we know how to thwart them.
So where are we most susceptible to cybercrime?
Any app has the potential to be malicious, and even if left unused can render your device and data vulnerable. Every time you download an app you give it it special permissions when you agree to the terms and conditions. The app will app seem innocent enough, and if you’re like many of us, you’ll be impatient and trusting enough to click “yes…yes, I agree!”
What you may not know is that these permissions sometimes require a level of access to files and folders on your mobile device. Even though the app is working just as it is supposed to, it may very well be mining data and sharing it with a third party, exposing your private information. Consider the number of apps on your phone at any given moment…how vulnerable are you?
Both iOS and Android are prime targets for spyware designed to mine user information and private data. In addition to tracking your online activity, it can also record your keystrokes and, ultimately, could control your computer.
Spyware known as “Pegasus,” discovered in 2016, was used to hack into Apple devices and surveil users. In response, Apple released a patch and updates to thwart the attack. Android users were invaded via fake app downloads that mined data and tracked users. Google, meanwhile, created Play Protect security as a measure of ensuring some measure of protection. Efforts like this are well and wonderful, until the next evolution of spyware comes along.
Public WiFi, fake WiFi, and sniffing
As remote working environments become more commonplace, access to unsecured WiFi is ever more available and normalized in public locations. Coffee shops, libraries, and co-working spaces with their WiFi hotspots are actually modern breeding cesspools for attacks on devices.
Some of these “networks” are actually controlled by hackers; users are tricked into using these legitimate-looking networks that are designed to access your device and steal your prized information. Creating a fake WiFi hotspot isn’t that difficult and they’re made more believable with business names echoing the real deal. In fact, in 2016, at both Republican and Democratic conventions, nearly 70% of all people attending logged into the bogus network, exposing not only their own data, but that of their companies and organizations, as well.
You’ve probably heard of this and also know by now that it has nothing to do with the peaceful pastime. Phishing is happening on a daily basis. Hackers send what appears to be a legitimate email, but is actually an attempt at getting the person to hand over private information.
One example you may have already encountered yourself is what appears to be a legitimate email sent from a financial institution to inform you of an inconsequential change in your banking, and that they just need to re-enter some identifying information and maybe your account number, etc. If your Spidey-sense happens to tingle and you call your bank to confirm this, you’re sure to be told that by no means was the email something they issued. Good thinking, you. If the bad guys had gotten what they came for, you’d surely seen your bank account drained of funds (or something equally heinous).
Not all attacks on mobile devices originate from malicious apps, phishing attacks, spyware, or fake WiFi networks. Another common cause of info loss is simply misplacing your device and having it fall into the wrong hands. This is one of the hardest threats to defend against since in this instance, malicious actors have direct access. And since people usually opt to stay logged into their most important and useful accounts, or they allow the device to remember the logins and passwords, there’s not much for hackers to actually hack.
Criminals then have direct access to whatever accounts and info are being accessed on the device. Happily, Android and Apple devices come with features that will let you remotely access your lost or stolen device and delete sensitive information should it fall into the wrong hands. With iOS, you can log into your Apple account and turn on Lost Mode, where you can then enter a custom message that will appear on the lock screen (in case a good Samaritan should happen to find your phone), as well as disable access to all accounts making the phone useless to bad guys.
So, now that we’ve identified a few of the dangers of online activity and mobile devices, the million dollar question is what can you do about it? Sure, you can throw away your phone, and go back to the good old days of using phone books, snail mail, the library (we still advocate for the library!), ye olde general store, and fold-up maps. Or you can try these other options to help protect your data, your device, and your sanity:
Keep software up to date
Just as the spyware and hackers make advances in the complexity of their attacks, so too does the security on your device. The manufacturers of devices are as interested in protecting your data as you are, and no wonder: their reputation depends on it. That’s actually what’s behind those incessant reminders they give you to update your system.
Software updates contain security updates, so if you update regularly, you are forcing the hackers to work a little harder to gain access to your device. Staying in front of hackers isn’t always possible, so take every advantage. Like most criminals, hackers are looking for an easy “mark,” and a device that’s not running updated software is like an unlocked car with a purse on the front seat. Consider setting your updates to install automatically so that you never forget, and you’re device is kept updated.
Make use of antivirus protection
Even mobile devices are susceptible to viruses and spyware attacks, so having antivirus software on your device should be an easy and obvious best practice. There are plenty of free options available, and it never hurts to have an extra layer of protection. In addition to protecting your device from unwanted viruses and suspicious malware activity, they also run a first line of defense. Many will let you know which apps are safe before you download them, as well as offer to clear your browser history and delete cookies (which are small software tokens that have stored your login as well as history on a specific site).
Encryption is the act of making your data unreadable, which can be a great barrier that keeps your data safe, even if it falls into the wrong hands. Most devices these days come with data encryption features built in, which helps prevent unauthorized access in the case of theft. If you don’t already have this activated, you should stop reading and make that happen for yourself. There should be an encryption password required to encrypt your device, which you’ll need to remember if you want to access your own device. So choose carefully.
Use only trusted WiFi
Everyone loves free WiFi, especially if you’re the one paying the bill for a hefty data plan each month. But “free” isn’t free when it’s the source of data loss and device infection. Most free WiFi networks are not encrypted, which basically sets up a highway of various hackers, virus, and malware attempting to infiltrate your device and gather up all your data. To protect against WiFi hackers, use apps that can help secure your connection, and tell you the status of your connection. WiFi Protected Access is more secure than Wired Equivalent Privacy. And if you’re not using it, turn it off. This will help keep you safe from logging into an unsecured network accidentally, while also saving some of that battery life.
Password, password, password
Words alone aren’t enough anymore. A strong password paired with biometric features, like a fingerprint, make the unauthorized access of your device practically impossible. In addition, your password needs to be slightly more complex than your anniversary or the name of your favorite pet. Eight or more characters in length is recommended, including alphanumeric characters. And don’t skip on the the two-factor authentication if your device allows. And you need to be changing your password every three months. Just like the oil in your car. Or your underwear.
And last on this list, but certainly not least: VPN!
Bottom line is that if you’re unsure in any way, shape, or form about the level of security on any given network you happen to frequent, you should be using a VPN. A Virtual Private Network is exactly what will allow you to connect to a network securely, while at the same time keeping your browsing and activity hidden from prying eyes.
A VPN is like a cloak of invisibility. It’s much harder for a hacker to track you or attack you if they can’t see you or what you’re doing. Just like you’d avoid that unlocked car with a purse on the front seat scenario we mentioned before, don’t make it easy on criminals.
When it comes to protecting yourself online, use layers of protection. Stay updated with your software. Don’t forget your anti-virus protection. Deploy encryption. Practice safe WiFi in public, always. Make excellent use of passwords & biometrics. And, of course, VPN for the win.