As we rely more and more on our on mobile devices for business and personal use, maintaining strong security protocols should be a top priority. It’s important to understand the two main types of mobile security – physical and data – and how you can protect your devices and your data.
- Theft of mobile devices is a real concern since they can easily be picked up and carried away (unlike bulky desktops and servers). Phones typically contain sensitive information about the user and maybe information about the company you works for. When mobile devices are stolen it is possible for attackers to gain access to the contacts, text messages and chat logs, call logs, and passwords to identify the owner of the devices.
- Data Threats - Malware targets not only desktop computers but mobile devices as well. There are a variety of threats targeting mobile devices that can be relatively harmless or pose a major threat to the security of user data.
- Network - Users may be tempted to join Wi-Fi networks to avoid costly cellular data charges. However, publicly available Wi-Fi networks are typically not secure, leaving communications unencrypted. Attackers may additionally attempt to trick users into connecting to networks that they control by deploying fake access points. The access points controlled by the attacker will have names that are the same or are similar to those of existing access points to trick users into accidentally connecting. Once connected, an attacker can steal user login and credit card information, redirect users to malicious websites, and alter data all without the user’s knowledge.
Protecting Your Data
With the wide range of threats targeting mobile devices, users must take the appropriate steps to defend themselves. Mobile data can be protected using defenses that fall into categories which include encryption, physical defenses, and software.
- Encryption - Encryption ensures that one’s data is never sent in the clear or in plain text and that the data stored on the device (including sensitive information) is unreadable until it is decrypted with the appropriate password. If a mobile user is connected to an unsecure Wi-Fi access point, sensitive data from the application may be transmitted in plain text through the unsecure access point.
- Physical Defenses - One of the primary threats to the security of mobile devices is theft or physical access. Users can begin by strengthening the authentication required to gain access to their device. Using multiple factors of authentication which can include passwords or swipe patterns, smart cards, and fingerprints or facial features for biometric recognition. Each can be combined to add additional layers of security that an intruder must bypass.
Mobile users should also take steps to ensure data protection if the device is lost or stolen by having the remote tracking and management enabled on their devices. One of the most prevalent examples of this tracking is the iPhone application Find My iPhone, an application that shows users where their device is currently located using GPS. Users can also enable features that will remotely erase all data that is stored on a phone when it is lost or stolen. If users do not wish to utilize these features, they should still consider encrypting their devices to protect the data on their device. For further protection, users should also ensure that they have disabled lock screen notifications which may leak sensitive information when the device is locked.
- Software - While it is important that users protect their devices from unintentional physical access, users must also be able to protect their mobile devices from both intentional and unintentional threats presented by software. Making sure that applications and mobile operating systems are always up to date is, of course, extremely important. Latest operating system vulnerabilities and application vulnerabilities are being constantly patched to ensure the protection of user data. Mobile application developers must constantly be aware and update their applications accordingly.
For more information and tips to protect your confidential information visit SEFCU’s Privacy & Security Center.