Keep Your Phone Close — And Your Data Closer
With employees depending heavily on their mobile devices to accomplish business goals, the need to keep those devices secure is imperative. Here, in the first of four articles for National Cybersecurity Awareness Month (October), FTI Cybersecurity presents best practices for securing your mobile device.
Cyber criminals continue to look for ways to exploit vulnerabilities in mobile apps, operating systems and software. Their goal is to capitalize on security flaws before manufacturers and developers ever have the chance to issue software patches. The 10 simple, low-tech actions that follow can help you tighten security and protect sensitive information while at work, home, or traveling for business or pleasure.
1. Update Regularly – This applies not only to your mobile device operating system (OS), but to your apps. Attackers will often target known vulnerabilities that appear in older versions of software. By consistently updating the OS and your apps,* you can reduce your risk with the simple click of a button.
2. Disable Automatic Connection to Public Wi-Fi – Connecting to public Wi-Fi networks, especially those that are unsecured, leaves you vulnerable to hacking by granting almost anyone else on the network access to your device. You also want to avoid intentionally connecting to public hotspots as these are often unsecure and could be monitored by malicious actors.
3. Be Wary of Unsolicited Calls/Text Messages – The creativity and complexity of attacks tends to run one step ahead of security, so you should give additional scrutiny to any calls and messages that ask you to perform an unusual action or provide excessive information. Rule of thumb: You’ll never be asked out of the blue to provide a social security number or password by a legitimate organization.
4. Use Automatic Locks – Mobile devices, and many apps, have automatic locking features to keep others from accessing your information, even if you forget to do so on your own. By enabling this safeguard,* you can protect yourself without any additional action required. It truly is set it and forget it.
5. Delete Unused Apps – If you have not used an app for an extended period, remove it from your device. Many apps have robust tracking features, and if you do not routinely use the app, you may be sharing more data with third parties than you normally would allow, and without your knowledge.
6. Regulate App Privacy Policies – By default, applications usually ask for more permissions than necessary. Protect your data by changing the permissions for each app* on a case-by-case basis.
7. Beware of Suspicious Pop-ups – Pop-up windows, or notifications, can be tempting to click on. Avoid those you do not recognize and instead report them to an appropriate cybersecurity professional, such as the IT department.
8. Only Download From Trusted Sources – Use the commercial app store supported by the manufacturer or provider of your device to download your apps, games, music, etc.
9. Avoid Unknown Links – Take a deep breath when an email arrives in your inbox and do not reflexively click on it. It may contain malware designed to attack your device. The same goes for unrecognized attachments, links and text messages.
10. Resist the Urge to “Jailbreak” – Jailbreaking — or installing a custom OS or third-party software on your device — removes manufacturer-imposed limitations. This may allow you to download alternative apps, but it also makes the mobile device more vulnerable by removing essential safeguards against malware.
Carrying around what is essentially a minicomputer in your pocket creates personal and workplace efficiencies. But it also exposes you to significant vulnerabilities that can impact not only your work life, but your personal life as well.
Read the second in our series: Secure Your Data by Tightenting Your Weakest Links.
*Consult your phone's features for instructions.
Copyright 2019. The views expressed herein are those of the authors and do not necessarily represent the views of FTI Consulting, Inc. or its other professionals.