Request A Consultation

Mobile Matters: Keep Your Data Safe

By Thomas Coffey, VP of Security at CISO Global

Some of you may remember when phones were primarily used for making phone calls. In today’s rapidly evolving digital landscape, our smartphones and tablets have transformed into multifunctional devices, serving as mini-computers, high-resolution cameras, and indispensable companions in our daily lives. They seamlessly keep us connected to the world, offering endless avenues for communication and entertainment. The convenience and utility they provide is indisputable, however with all the good, there lies a significant concern: the vast amount of sensitive data they contain. 

Our mobile devices have become storehouses of our personal information, holding everything from contact details and social media accounts to passwords, banking credentials, and confidential documents. With such invaluable data at stake, safeguarding our digital identities has never been more critical. The digital realm is rife with cyber threats, ranging from malware and phishing attacks to data breaches and identity theft. For these reasons, it’s imperative that we adopt proactive measures to strengthen our cybersecurity defenses and shield ourselves from the myriad dangers that could befall us if someone gained access to that data. But how exactly can we navigate this complex and ever-evolving landscape to ensure our safety and privacy online?  

Mobile Matters: Keep Your Data Safe, Author Thomas Coffee in front of digital devices

Why Should You Care? 

Imagine this scenario: someone quietly peering over your shoulder as you conduct online banking transactions or sift through your private messages. The mere thought is enough to send shivers down your spine, isn’t it? Unfortunately, in today’s digitally interconnected world, this possibility isn’t far-fetched. 

Without adequate protection, our devices become glaring targets for cybercriminals, offering them an open invitation to infiltrate our digital lives. Mobile devices have emerged as prime targets for criminal activities due to the fact that they are entwined in our everyday activities. Cybercriminals employ a variety of sophisticated tactics to exploit vulnerabilities in these devices, ranging from deceptive emails disguised as legitimate correspondence (commonly known as phishing) to cunning applications laden with harmful code (referred to as malware). Additionally, they may resort to network-based attacks, exploiting weaknesses in Wi-Fi connections or cellular networks to gain unauthorized access to our sensitive data. 

These attacks take advantage of vulnerabilities discovered in smartphones that can result from different modes of communication, including Short Message Service (SMS, text messaging), Multimedia Messaging Service (MMS), wireless connections, Bluetooth, and GSM, the de facto international standard for mobile communications. Smartphone operating systems or browsers are another weakness. Some malware makes use of the common user’s limited knowledge. 

The Cost of Not Caring: 

The repercussions of falling victim to such attacks can be grim, ranging from financial loss and identity theft to damaging one’s reputation and privacy. Therefore, it’s imperative to take measures to protect this information against the ever-evolving threats in the digital landscape. By adopting proactive mobile device security measures and staying informed about emerging cybersecurity risks, we can better protect ourselves and safeguard our digital assets from the clutches of cyber criminals. Here are some mobile security best practices to turn you into a data defense pro: 

Lockdown Headquarters 

Turn User Authentication On: The first thing to do is to ensure that all your mobile user devices have the screen lock turned on and that they require a password or PIN to gain entry. There is a ton of valuable information on the device! Most mobile devices have biometric security options like Face ID and Touch ID, which makes the device more accessible but not necessarily more secure. That’s why it is a good idea to take your mobile device security practices a step further and implement a Multi-Factor Authentication (MFA, also known as two-factor authentication) policy for all end-users as an additional layer of security. Regardless of which method you choose, ensure ALL your devices are protected by making sure you are who you say you are. 

Passwords Are Key: Ditch the “123456” and create complex, unique passwords. Here are a few simple tricks:  

  • Make passwords a minimum of 12 characters, but more is always better. Longer passwords are exponentially harder to crack. 
  • Use at least one special character, i.e., !@#$, to add an extra layer of complexity. 
  • Use a combination of upper and lower case letters to increase the randomness of your password. 
  • Incorporate at least one number to further enhance the complexity and strength of your password. 
  • Consider using a memorable passphrase, rather than only a password. For example, MyC@tLikes2Eat combines words, numbers, and special characters for added security. 
  • Never reuse passwords on multiple accounts. Each account should have its own unique password to prevent widespread security breaches. 
  • Avoid repeating or cycling through passwords. Creating new, distinct passwords for each account is crucial for minimizing the impact of a potential breach. 
  • Resist the temptation to write down passwords. While it may seem convenient, storing passwords in plain sight can compromise their security. 
  • Never share passwords with anyone, including friends, family, or colleagues. Keeping your passwords confidential is essential for maintaining control over your accounts. 
  • Create a password blacklist. This is a list of passwords known to be weak or commonly used. Examples of passwords you should never use are god, password, password1, iloveyou, 111111, qwerty, 123456 (123456789 is equally insecure). 
  • Avoid using easily accessible information that can easily be found online. Many people use readily available information for their passwords, such as birthdays, anniversaries, and kids’ and pets’ names, meaning that hackers can, with a little research, easily find it through social media or other online sources, making passwords vulnerable and easy to crack with only a few simple guesses. 

Software Safety: Keep your device’s operating system and apps up to date to patch known vulnerabilities. If you’re using outdated software, the risk of getting hacked skyrockets. Vendors such as Apple (IOS), Google, and Microsoft constantly provide security updates to stay ahead of security vulnerabilities. Think of it as plugging leaks in your digital home. 

Two-Factor Lockdown: Enable two-factor authentication (2FA) – it’s like a double lock on your digital door. This adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone or email. 

Smart Apps: Only download apps from official app stores and be wary of any app asking for excessive permissions. Think twice before letting an app read your entire contact list! 

Be Cautious on the Go 

VPN Protection: Use a Virtual Private Network (VPN) for an extra layer of protection on public Wi-Fi. A VPN creates an encrypted tunnel through which data is funneled. While this does not provide complete protection, it does improve your privacy. 

Public Wi-Fi Caution: If you must use public Wi-Fi, avoid sensitive activities like banking and stick to trusted networks. Any time you connect to another organization’s network, you increase your risk of exposure to malware and hackers. There are so many online videos and easily accessible tools that even a novice hacker can intercept traffic flowing over Wi-Fi, accessing valuable information such as credit card numbers, bank account numbers, passwords and other private data. Interestingly, although public Wi-Fi and Bluetooth are a huge security gap and most of us (91%) know it, 89% of us choose to ignore it. 

Secure Your Stuff 

Lock It Up: Always lock your device with a passcode, fingerprint, or facial recognition. It’s like locking your front door. *Note: Almost every business should have a Bring Your Own Device (BYOD) policy that includes a strict remote lock and data wipe policy. Under this policy, whenever a mobile device is believed to be stolen or lost, the business can protect the lost data by remotely wiping the device or, at minimum, locking access. Most IT security experts view remote lock and data wipe as a basic and necessary mobile security caution. 

Find My Device: Enable “Find My Device” features to track a lost or stolen device and even wipe your data remotely if needed. 

Backup Buddy: Regularly back up your data to a secure location like a cloud storage or external drive. Think of it as having a fireproof safe for your digital memories. Select a cloud platform that maintains a version history of your files and allows you to roll back to those earlier versions, at least for the past 30 days. Google’s G Suite, Microsoft Office 365, and Dropbox support this. Once those 30 days have elapsed, deleted files or earlier versions are gone for good. You can safeguard against this by investing in a cloud-to-cloud backup solution, which will back up your data for a relatively nominal monthly fee. 

In addition to the fundamental steps outlined for data protection on mobile devices, there are several supplementary measures that can further fortify security.  

  • Integrating a robust password manager like Dashlane or LastPass not only simplifies the management of complex and unique passwords but also adds an extra layer of encryption to safeguard sensitive credentials. These password managers utilize advanced encryption techniques to securely store passwords and can generate strong, randomized passwords for each account, minimizing the risk of unauthorized access. 
  • Deploying modern anti-malware solutions tailored for mobile platforms can effectively thwart malicious apps and phishing attempts. These anti-malware products utilize real-time scanning and behavioral analysis to detect and block potential threats before they can compromise device integrity or exfiltrate sensitive data. 
  • Implementing a firewall on your device can significantly enhance its security posture by regulating incoming and outgoing network traffic. For Android users, firewall applications such as NetGuard, AFWall+, or Mobiwol offer granular control over app permissions and network access, allowing users to block unauthorized communication and mitigate the risk of data breaches or intrusive tracking. Similarly, iOS users can leverage firewall solutions like Noroot or Guardian to monitor and control network traffic, thereby fortifying their device against potential cyber threats and privacy infringements. 

In today’s digital age, mobile devices have become indispensable and safeguarding the multitude of data these devices store is of the utmost importance. A comprehensive approach that adds extra levels of protection, regularly updating your devices operating system and applications, and granting access to only essential functions will provide peace of mind against potential data breaches. Lastly, practicing good browsing habits and being cautious of suspicious links or downloads helps diminish the risk of malware infections.  

Incorporating these strategies into your mobile device usage can significantly enhance data protection and safeguard your digital privacy. Remember that mobile device security extends beyond protecting your personal data; it’s also about shielding the sensitive information of your loved ones, preserving the integrity of your organization’s assets, and ensuring your own peace of mind in an increasingly digital world.  

By remaining vigilant, staying informed, and implementing robust security measures, you actively contribute to creating a safer mobile environment for yourself and those around you. Stay one step ahead of cyber threats and create a culture of security to keep our mobile world safe and secure for generations to come.