MOBILE devices make our life easier — We pay with them, keep in touch with them, run parts of our home with them, play with them and the vast majority of these devices are now interacting with corporate sensitive data as “bring your own device (BYOD)” behavior continues to surge in popularity.
Research uncovers that 90% of security leaders say protecting employees’ personal devices is a top priority, but only 63% have the tools to do it adequately.Organisations are struggling with more end-point to protect (Work laptops suddenly sharing home wireless network), Missing security patches on personal devices, Limited capacity of IT support staff to assist in remote working and Lack of Appropriate mobile security policies.
Recent Reports show trends in mobile threats such as Poor password hygiene, Mobile ad fraud, data breaches, malicious apps, Cryptojacking attacks are on the rise and phishing attacks via private messaging apps are of an increasing concern.
What should be done to protect data in your mobile devices?
1. Protect your device with password
Ensure that your Mobile devices are password protected — And If your mobile device allows two-factor authentication (2FA), don’t hesitate to use it. When 2FA is enabled, you will need to authenticate using a second method when logging into certain apps or websites.
Authentication methods include a text message, email link, or confirming the validity of the login from another device where you are connected.
Some devices offers biometric authentication options, like a fingerprint, Face recognition make use of them.2. Install reputable security suite
The files you download and the apps you install on your mobile device might contain malicious code. Once launched, this code could still your data, making you unsecured and infringe your privacy.
To avoid that you need to secure your mobile devices using reputable security solutions. It is strongly advised to install Anti-viruses in our mobile devises. We have a good number of Anti-Virus /Anti-Malwares — The best of all is the one with updated signature.
3. Avoid of public charging stations
Public charging stations can be a convenient solution to low battery levels but pose a risk of data breaches. Cybercriminals can access your phone’s data or introduce malware through a USB drive. It is advisable to use AC charging ports instead, as they transmit only power rather than data.
Alternatively, consider using charge-only adapters and data blockers to prevent data breaches.4. Know your app
Make sure you only install apps from reputable sources and you checked app’s permission before installing it.
Non-sanctioned applications create a risk to the mobile devises and for enterprises. Malicious applications (Apps) can create fraudulent ads, stealing user credentials, or skimming personal information. Much of this can happen in the background, often without victims knowing it.
December, 2018 MacAfee discovered 65000 fake apps. These malicious apps can find their way into legitimate app stores, like Apple’s App Store and Google Play. While these stores indeed have review processes in place to weed out malicious apps, hackers and scammers have found workarounds.
Sometimes they upload an app that’s initially clean and then push the malware to users as part of an update. Other times, they embed the malicious code so that it only triggers once it’s run in certain countries. They will also encrypt bad code in the app that they submit, which can make it difficult for stores to sniff out.
5. Keep your mobile app updated
Mobile apps, just like your computer and mobile device operating system, must be updated to stay current with the most updated software version. Cybercriminals frequently exploit vulnerabilities in software to gain access to mobile data.
The developers that created your app also create and release updates to fix these weaknesses and protect your devices.
When your apps are updated, always make sure you verify any new permissions they might require.6. deploy full-device encryption
Most mobile devices are bundled with a built-in encryption feature. Encryption is the process of making data unreadable. Decryption, on the contrary, will convert unreadable data into accessible data.
Encryption is important in case of theft, and it prevents unauthorized access. You simply need to locate this feature on your mobile device and enter a password to encrypt your device.
Most importantly, you need to remember the encryption password because it’s required every time you want to use your mobile device. Laptops can be encrypted using FileVault, BootLocker, PGP encryption, or other forms of full-disk encryption.
7. Disable your voice assistant on your lock screen
While voice assistants such as Siri and Google Assistant can be convenient, they can also pose a risk to mobile data security. Disabling the voice assistant option on the lock screen can help prevent unauthorized access to your contacts, chats, emails, and calls.
8. Backup your data
Unfortunately, sometimes, things happen. Even if you do the best you can, sometimes one mistake can cost you, and it may cost you more than money. If your mobile device is compromised, you risk losing all of your data, and that includes your contacts and precious photo memories.
Keep a backup so you can restore your data should your phone or access fall into the wrong hands. Automated backups will save you the hassle, and can be performed at times that you’re using your phone less, like overnight or in the early morning hours. Save your backup data to another source such as Google Drive, iCloud, OneDrive, or another service.
9. Wipe messages remotely
Enable Remote Wipe — Most mobile devices support this functionality. To use this feature, the administrator setting on the device must be enabled, and it’s important to ensure that a backup has been performed prior to protect against loss of user data.
This gives users the ability to ‘Wipe’ all data from the device — If it is misplaced or stolen. There are Numbers of software that can provide this service if the mobile device do not have this feature.
10. Use a VPN on any public network
If you’re unsure about the security status of the network you’re connected to, using a VPN (Virtual Private Network) is strongly recommended. A VPN will help secure your data by encrypting it and masking your IP address and location.
11. Enable ‘Find my device’
If your phone is lost or stolen, being able to locate and erase data remotely is essential. Enable ‘Find my device’ services provided by Apple and Google to locate your phone on a map and erase sensitive data if necessary.
12. Keep record of your device
Mobile devices can be stolen. It is strongly recommended for individuals and IT departments to keep detailed records of the mobile devices. This includes serial numbers, models, IMEI number, and any other identifier.
This will assist with recovery in case of theft or loss of your Mobile device.
Yusuph Kileo is an expert in the field of Cybersecurity and digital forensics. He speaks on and chairs panels on information security, risk, and crime as well as provides opinion pieces for TV, radio, and print/online media.