Mobile technology is now an indispensable element of modern business. Just as powerful as traditional desktop computers, our tablets and smartphones have key data stored on them, and because they often leave the safety of the office, they need even more protection than desktop computers.
The most common security threats to mobile devices include malicious apps and websites, mobile ransomware, phishing, Man-in-the-Middle attacks and spyware. Most successful cyber-attacks are the result of human actions and can be mitigated, to a degree, with security awareness training.
Other potential attacks can be minimised by using Mobile Device Management (MDM) software, which can be installed to ensure all devices are compliant with a set of rules for configuration, updates and security. Specific advantages of Mobile Device Management are explained throughout the blog.
Here are our 10 tips for keeping your smartphones and tablets safe and secure.
1. Switch on Password Protection and Use a Complex PIN or Password, which will prevent an opportunistic criminal from accessing your device. Many mobile devices now include fingerprint recognition to unlock, without the need for a password. When enabling a lock screen, you can usually specify how long the phone can be idle before it locks; choose the shortest amount of time to increase your phone security. Your device will then be protected even if you forget to lock it yourself. We also recommend not storing your usernames and passwords on your phone.
Unfortunately, many business users don’t change the default passwords on their mobile devices or use multi-factor authentication. Weak passwords can place an entire organization at risk. Likewise, it’s also a good idea to set strong passwords for your apps – this will make it harder for a hacker to guess them. Using unique passwords for each app will ensure that the hacker won’t have access to all your information across the board if one password is identified.
Mobile Device Management software is a useful solution for password protection. For example, phones can be configured to require a 6-digit PIN, and if the user doesn’t set one, the phone will not function. MDM will report on the compliance of any device at any time.
2. Remote Tracking, Locking and Wiping: Employees are more likely to lose their phones or laptops when they are away from the office or home. Most devices now include free web-based tools that are extremely useful should they go missing. These tools can track the location of a device, remotely lock access to the device, remotely erase the data stored on the device and retrieve a backup of data stored on the device. If you have a fleet of smartphones, Mobile Device Management software is ideal in this instance as it allows you to easily track, lock and wipe a device’s data all from a central point.
3. Keep Devices Up To Date: Regardless of the type of phone or laptop your organisation is using, it is essential that devices are always kept up to date. All manufacturers, whether Windows, Android or iOS, release regular updates that contain important security fixes to keep each device protected. This process is quick, easy, and free; devices should be set to automatically update, where possible.
Bear in mind that older phones are less secure than newer ones. If you’re using an old smartphone, which no longer receives updates, upgrading to a newer model will help increase your phone security. Mobile Device Management will force your fleet of devices to automatically update and report on those which are nearing end of life.
4. Only Install Apps from Locations you Trust: Google and Apple test every app before it is allowed into the Play Store or App Store, which means downloading an app from an official store is less risky than obtaining it from elsewhere. As with your business’s operating systems, all apps that have been installed should be updated with patches from the software developers. These updates will patch any security holes that have been found, as well as add new features. Using Mobile Device Management will prevent the download of any unapproved apps.
5. Using Public Wi-Fi Hotspots is risky: it’s possible for a criminal to see what you’re working on whilst you’re connected, as well as your logins for apps and web services. Avoid sensitive transactions while using public Wi-Fi, delete unused networks and be wary of confusingly named Wi-Fi hotspots. Your best defence is to use your mobile network, with its built-in security. This enables tethering, where your other devices such as laptops share your connection.
You can also use Virtual Private Networks (VPNs), whereby your data is encrypted before it is sent across the internet, protecting your location and keeping your information from prying eyes. Likewise at home, make sure your home network is set up securely to maximize your data’s security.
6. Turn Off Wi-Fi and Bluetooth when you don’t need them. When you keep Wi-Fi and Bluetooth active, hackers can see which networks you have connected to before, spoof them and trick your device into connecting to Wi-Fi and Bluetooth devices that hackers carry around. Once connected to your phone, hackers can attack your device with malware, steal data, or spy on you, all without you necessarily noticing.
7. Check your Browser for the Lock Symbol: The lock icon in the browser’s address bar indicates that you are on a secure connection and that the website you are using has an up-to-date security certificate. We recommend you look out for a secure connection when entering personal data such as your address details or payment information or sending emails from your mobile browser. The lock only tells you that the connection is encrypted; it does not tell you that the site itself is genuine, so check the address as well.
8. Beware of Unknown Senders: Avoid tapping links in unsolicited emails, texts or WhatsApp messages. Text messages are an easy target for mobile malware, so be wary of sending sensitive data such as credit card details or important private information by text. Equally, be cautious about text messages you receive.
9. Avoid Social Engineering Scams: the three most common methods that cyber attackers will use to try to engage and fool you are:
- Phishing is the most traditional social engineering attack; it is when cyber attackers send you an email attempting to trick you into taking an action you shouldn’t take. Phishing attacks have become both sophisticated and targeted (sometimes called spear phishing), with cyber attackers often customizing their phishing emails before sending them. Learn more about phishing in our blog post.
- Smishing has become very popular. We are getting better at spotting phishing email attacks, so cyber attackers are simply shifting to a new method – messaging. Smishing is SMS-based phishing, with text messages being sent via phone apps such as iMessage, Google Messages or WhatsApp. Unfortunately, it’s harder to filter out messaging attacks than it is to filter out email attacks. Also, with SMS there is very little context, which makes it much harder to determine if the message is legitimate or not. Messaging is often more informal and action-based than email, so people are used to quickly responding to or acting on messages.
- Vishing, or voice-based phishing, is a tactic that uses a phone call or voice message rather than email or text message. Vishing attacks take far more time for the attacker to execute, as they talk directly to and interact with the potential victim. However, these types of attacks are also far more effective, as it is much easier to create strong emotions over the phone, such as a sense of urgency.
10. Reboot your Mobile Phone to avoid Zero-Click Attacks: As the name implies, a zero-click cyberattack can compromise a device without any action from its owner and uses existing vulnerabilities in operating systems to wreak its havoc. Many modern cyberattacks rely on a sequence of vulnerabilities that need to be successfully exploited, so a reboot will force the hacker back to the start of that sequence. The National Security Agency recommends powering your mobile phone on and off weekly, and whilst rebooting your phone isn’t going to stop the more sophisticated schemes, it could be disruptive enough to put off an opportunist.
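The rules that tips 1, 3 and 4 say Mobile Device Management can enforce and report on can be written down as a compliance check. The following Python is an added example, not code from Comprendo or from any MDM product; the device fields, app identifiers and every threshold other than the 6-digit PIN are assumptions, and the fleet is constructed sample data.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Hypothetical policy. Only the 6-digit PIN figure comes from the article.
POLICY = {
    "min_pin_length": 6,
    "max_idle_lock_seconds": 60,       # assumed "shortest" idle timeout
    "eol_warning_days": 180,           # assumed "nearing end of life" window
    "approved_apps": {"com.example.mail", "com.example.vpn"},
}

@dataclass
class Device:
    name: str
    pin_length: int                    # 0 means no lock screen is set
    idle_lock_seconds: Optional[int]   # None means the device never auto-locks
    auto_update: bool
    os_support_ends: date
    installed_apps: set

def findings(d, today, policy=POLICY):
    """Return the list of policy violations for one device (empty = compliant)."""
    out = []
    if d.pin_length < policy["min_pin_length"]:
        out.append("pin-too-short")
    if d.idle_lock_seconds is None or d.idle_lock_seconds > policy["max_idle_lock_seconds"]:
        out.append("idle-lock-too-long")
    if not d.auto_update:
        out.append("auto-update-off")
    days_left = (d.os_support_ends - today).days
    if days_left < 0:
        out.append("os-end-of-life")
    elif days_left <= policy["eol_warning_days"]:
        out.append("os-nearing-end-of-life")
    for app in sorted(d.installed_apps - policy["approved_apps"]):
        out.append("unapproved-app:" + app)
    return out

def compliance_report(fleet, today):
    return {d.name: findings(d, today) for d in fleet}

# Constructed sample fleet and reporting date.
TODAY = date(2024, 6, 1)
FLEET = [
    Device("phone-a", 6, 30, True, date(2026, 9, 1), {"com.example.mail", "com.example.vpn"}),
    Device("tablet-b", 4, None, False, date(2024, 9, 1), {"com.example.mail", "com.example.game"}),
    Device("phone-c", 8, 60, True, date(2023, 12, 31), {"com.example.vpn"}),
]

if __name__ == "__main__":
    for name, issues in compliance_report(FLEET, TODAY).items():
        print(name, "COMPLIANT" if not issues else ", ".join(issues))
```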
How We Can Help at Comprendo…
We offer a wide range of software options designed to enhance the security measures on your fleet of smartphones and tablets. As discussed above, Mobile Device Management software can be installed and controlled from a central point to enforce compliance with a set of rules. Smartphones (and other mobile devices) can then be deployed to new staff with the software installed and security configuration set up without the need to configure each individual device manually.
We also recommend a security awareness training module which includes simulated phishing attempts to test your staff on what they’ve learnt, as well as software for password management and data backup in the event that a device needs to be remotely wiped following a data breach.
To discuss any of the above, or any other IT concerns you may have, please contact our dedicated support team:
Tel 0345 527 4394 | Email info@comprendo.co.uk
At Comprendo, we provide customer-focused IT services, solutions and support to businesses throughout North Yorkshire, West Yorkshire, Lancashire and beyond, including Keighley, Skipton, Ilkley, Bradford, Harrogate, York, Burnley and Preston. Looking to outsource your IT or review your cyber security? We look forward to hearing from you.