Checkup #4: Mobile Device Security
Take Care of your Mobile Device
Whether your mobile phone is a older phone or a smartphone, staying in touch with family and friends, keeping up with the news and weather, or playing the latest games has never been so effortless. But there are risks. A stolen phone can result in the theft or loss of sensitive data—even your identity. It can compromise your bank or other online accounts, including apps that let you pay for items in physical stores with your phone (mobile wallets). Downloading a malicious app can do the same—as well as cost you money by setting your phone to automatically dial premium numbers (toll fraud).
Cell phones also have the ability to send and receive text messages. Even on a mobile device, an attacker may be able to accomplish the following:
• Abuse your service – Most cell phone plans limit the number of text messages you can send and receive. If an attacker spams you with text messages, you may be charged additional fees. An attacker may also be able to infect your phone or PDA with malicious code that will allow them to use your service. Because the contract is in your name, you will be responsible for the charges.
• Lure you to a malicious web site – While PDAs and cell phones that give you access to email are targets for standard phishing attacks, attackers are now sending text messages to cell phones. These messages, supposedly from a legitimate company, may try to convince you to visit a malicious site by claiming that there is a problem with your account or stating that you have been subscribed to a service. Once you visit the site, you may be lured into providing personal information or downloading a malicious file.
• Use your cell phone or PDA in an attack – Attackers who can gain control of your service may use your cell phone or PDA to attack others. Not only does this hide the real attacker’s identity, it allows the attacker to increase the number of targets.
• Gain access to account information – In some areas, cell phones are becoming capable of performing certain transactions (from paying for parking or groceries to conducting larger financial transactions). An attacker who can gain access to a phone that is used for these types of transactions may be able to discover your account information and use or sell it.
Use the following five simple practices a habit to help reduce your risk.
Lock your device with a PIN or password
Lock your phone as well as your SIM card and mobile wallet (if you have them).
▪ For your PIN, avoid numbers from your birth date, social security or national identification number, phone number, or the like. If you have a password option, use it!
▪ Keep your PIN or password private. Period. Don’t send it in email, instant, or text messages (they may not be secure), and don’t store it on your phone.
▪ Enable the feature that erases the phone if someone tries to guess the PIN too many times.
Use a phone finder
Turn on the service or download an app that helps you find your phone if it’s lost or stolen. This allows you to ring your phone, locate it on a map, lock it, or erase its data—all remotely from your browser (like Internet Explorer or Firefox). Note that this regularly reports the phone’s location—and yours. Consider how long this history is retained and whether it can be shared or sold.
Defend your phone/tablet against malware
Phones are most susceptible to a kind of malicious software (malware) known as a Trojan horse. It hides in a seemingly harmless app like a ringtone or game, but contains hidden code designed to exploit or damage the system; running the app unleashes the malware on your phone.
Install reputable apps
Download apps only from major app stores—the Windows Phone Store or Apple’s App Store, for example—and stick to popular apps with numerous reviews and comments.
Keep your phone/tablet up to date
▪ Just as you do on your computer, accept and install all updates offered for both the phone itself and the apps on it.
▪ Uninstall apps that you don’t use.
Don’t jailbreak your phone
Most phones will run only software that their operating system trusts. Jailbreaking (or unlocking) a phone enables it to run untrusted software, which is much more likely to carry a harmful virus.
Accept incoming content cautiously
▪ Avoid clicking links in ads and contests that promise free prizes or gifts.
▪ Watch out for text messages that look too good to be true.
▪ If your phone works with Bluetooth technology or NFC standards (which support, for example, mobile wallets), turn them off if you’re not using them. (Both technologies allow two devices to “talk” to each other wirelessly at close range.) This blocks unwanted downloads and keeps intruders from reading data stored on your phone.
Protect your privacy
▪ Do not bank, shop, check email, or do other business that exposes your user name or password over “borrowed” or public Wi-Fi (like a hotspot). It is safer to use the mobile phone’s network, which encrypts data as it is transmitted.
▪ Be wary of features that offer to save user names or passwords in your browser and financial service or other apps that store sensitive data.
▪ Share your location only with those you trust.
Use GPS features wisely
Many services—weather, movies, and maps, for example—personalize results by using location data from your phone’s Global Positioning System (GPS) or nearby Wi-Fi access points and cell towers. Your phone’s camera can use GPS to automatically embed information about the spot where a photo was taken, called geotagging. Facebook and Twitter can also use GPS to geotag status messages and tweets posted from your phone. This can be a risk because you may not be able to control how that data is used and by whom.
▪ Think carefully before you turn on geotagging.
▪ Limit the apps that you allow to access your location and link to social media with care.
▪ Get permission from others before you tag them in photos or check them in.
Back Up your Phone/Tablet on a regular basis
Back up your phone regularly to your computer, cloud storage, or both.
Instructions for Backing Up Your iPhone/iPad:
Backing Up using iCloud
iCloud automatically backs up your iOS device information daily over Wi-Fi when your device is turned on, locked, and connected to a power source.
Back up automatically
– On your iOS 8 device: Go to Settings > iCloud > Backup, then turn on iCloud Backup.
– On your iOS 7 device: Go to Settings > iCloud > Storage & Backup, then turn on iCloud Backup.
Back up manually
- On your iOS 8 device: Go to Settings > iCloud > Backup, then tap Back Up Now.
- On your iOS 7 device: Go to Settings > iCloud > Storage & Backup, then tap Back Up Now.
Important: If you don’t back up your iOS device to iCloud for 180 days or more, Apple reserves the right to delete your device’s iCloud backups.
Backing Up using iTunes
Use these steps to back up the content on your iOS device to iTunes on your computer:
– Make sure your computer has the latest version of iTunes.
– Connect your device to your computer.
– Choose File > Devices > Back up, or simply click on the Device Icon that will appear in the upper left corner of your iTunes screen.
You can also back up by syncing your device with your computer. When you use iTunes to sync, backing up is the first step.
To check that the backup finished successfully, open iTunes Preferences and select the Devices tab. You’ll see the name of the device along with the date and time iTunes created the backup.
Instructions for Backing Up Your Android Phone/Tablet
Backing Up using Google Cloud
- Press the “Home” button on your phone to get to the Home screen.
- Hit the “menu” button next and select “System Settings.”
- Select the “Privacy” option right under “Language” in the Settings screen.
- Make sure the “Back up my data” and “Automatic restore” boxes are checked. Click “Backup my account” to ensure extra redundancy for backing up your data on the cloud.
- Select an account there for a backup account, or click “Add account.”
- Select “Existing” for a different account that already exists, or click “New” to set up a new one. This will help ensure your data stays safe.
Backing Up to your Computer
- Connect your Android device to your computer (Windows or Mac should both work) via the USB cable.
- On your Android, pull down the main menu (swipe down from the top of the screen) and select “USB connection.”
- On the next page, choose USB Mass Storage and hit OK.
- You will see a new drive or “Removable Disk” appear on your computer for the SD card. Open it up, and copy all the files inside to a new location on your computer. Put the date right into the name of the folder so you can very easily identify it and when it was created.
Instructions for Backing Up Your Windows Phone/Tablet
The backup process using Windows 8.1 is now automatic, and it can be found under Settings > Backup > Apps + Settings. Tapping that screen will give you two options, one for Settings backup and another for App backup. Either one can be toggled on or off to make sure backups happen on a regular basis. When enabled, the backups will happen automatically. Likewise, you can do a ‘back up now’ for saving manually in addition to managing those backups, including deletion. All your data is saved to your OneDrive account. You can find more information about backing up Windows Phones at: http://www.windowsphone.com/en-us/how-to/wp8/settings-and-personalization/back-up-my-stuff
Syncing Your Devices
By using your same iCloud, Google, or OneDrive account on all your mobile devices and computers, your devices will always be in sync and any data one one device will be accessible on all similar devices. (As long as all your devices use the same platform. This is why you should always try to buy devices from the same company.)