Mobile phones have become the new prey of choice for hackers and other nefarious individuals. Once compromised, our phones offer easy access to our personal and financial information, giving hackers the ability to sell that information on the dark web and to ransom our information.
But despite the growing threats to our smartphones, most people — even most corporate executives — still don’t take basic security precautions. According to a 2016 report on mobile security by Intertrust, the cost of mobile app hacks and breaches will reach $1.5 billion by 2021. Yet mobile device security often gets less attention than security for network systems or even our laptop computers. The same report says $34 million is spent annually on mobile app development while only $2 million is spent on app security. This reinforces the old adage that the money spent on security is never enough, until there is an incident… and then it is never enough.
There are all kinds of ways that our phones can make us vulnerable to attack. Many people use their phone for two-factor identification and password resets. We all feel safer when our bank or email provider sends us a text message with a secure verification code when we’re logging in. But hackers can take control of your phone number and transfer it to a new phone — one that they control. Then all your secure verification codes go straight to the hackers, giving them access to your online accounts.
Apps are another way that hackers can infiltrate your phone. Malicious code can be inserted into free versions of popular apps. Once you’ve downloaded the app — for example, antivirus software — the hackers will ask you to spend money to get rid of viruses it found inside your phone. If you refuse, the app can completely disable your phone until you pay up. Think of it as a Trojan horse. Once you realize what’s going on, most of the time it’s already too late.
These are just two ways that hackers can wreak havoc through your phone. What can you do to protect yourself and your mobile device? Here are 15 simple steps that will make you a harder target:
Immediately change factory passwords on your phone. Avoid using 0000, 1234, your birthday, or similar easy-to-guess codes, and avoid settings for auto-login or saving passwords. Change your voicemail password from time to time, too.
Keep your operating system up-to-date, and back up your phone regularly. Install app and system updates as soon as they are available, because these updates may be fixing a bug or security issue.
Use a dedicated email address for authentication and pin number resets. This email address should be different from your personal day-to-day email address, which may be widely known.
Be cautious about installing apps from unknown sources, especially free versions of popular apps.
Only download apps from the App Store, Google Play, or other official sources, as they constantly screen and remove suspicious apps.
Do not access sensitive information (your bank account, for example) while using unsecure public Wi-Fi.
Use a VPN (Virtual Private Network) to create a more secure channel between your smartphone and the internet.
Set your phone’s lock-screen feature to engage quickly when the phone is not in use.
Set your phone to auto-erase if too many incorrect logins are attempted (and make sure to back up your phone regularly).
Turn off your phone’s Bluetooth feature when not in use.
Enable the “Find my phone” feature so that you can quickly locate it if it’s lost or stolen.
Consider installing security software on your phone — but only approved and well-known software (which usually is not free).
Try not to keep personal information on your phone for too long. Keep your phone as “clean” as possible by moving photos and documents and photos from it to a more secure device.
Turn off your devices when not in use (do not just hibernate them), especially when traveling.
Install privacy screens for your devices. (These are tinted screen protectors that prevent bystanders from seeing what’s on your screen.)
For those of us who travel extensively overseas each year, particularly to China and other countries of economic espionage concern, we recommend using “throwaway” phones, which can be destroyed after each trip. (We are still fans of the “clamshell” phones for a disposable option.)
Nobody easily recovers from being hacked. While computers have always been vulnerable to attack, your phone has evolved into the target of choice for criminals. Protect yourself by recognizing the threats ahead of time and making the efforts to mitigate them