When you think of cybersecurity or cyber safety, are you more likely to think of hackers targeting big corporations or governments rather than your own personal vulnerability. The wide open world of cyberspace is something you regularly interact with every time you browse a website, click a link, post on social media and chat online. But your online risk extends beyond those things because you can leave behind a digital footprint without realizing it, or expose your data in ways you didn’t intend to. This article is part of a series of articles that my Plug-in Blog colleagues and I are publishing over the next few weeks offering helpful tips and information about many topics related to cybersecurity. Today I will explore personal smartphone security.
If you consider just how personal your smartphone is, it’s almost scary to think of what might happen were you to lose it or have it stolen—even if you have the security code or fingerprint sensor enabled. There is software readily available for Windows PC and Mac that can extract data from a handset, regardless of whether it’s password-protected or not. For the iPhone, there’s Apple’s Find My iPhone. For Android, there is a combination of Google and other third-party software that helps the cause. BlackBerry and Windows Phone have their own platforms, too. No matter what type of smartphone you have, there are some universal truths that will help you to stay safe:
My Smartphone Safety Tips
1. Just as you would treat your phone well physically, do the same for the data stored on it. Don’t be careless.
2. Always use a passcode or whatever security option you choose to unlock your phone’s screen.
3. Never download system updates, apps or music when connected to public Wi-Fi networks.
4. Consider using a VPN (Virtual Private Network) app to mask your location and make it harder to be tracked or compromised.
5. Set up whatever tracking setup your phone’s operating system offers, like Find My iPhone on iOS or Android Device Manager for Android. There are also good third-party options. These can help you locate, track and even wipe your phone after it’s been lost or stolen.
6. Always make sure to do a backup, and then wipe your phone clean before selling, trading, donating or recycling it.
Keeping data private
I freely admit feeling a little anxious every time I hand off my phone to someone. Not because I have something nefarious or embarrassing on it, but more because everything I have on there is personal—email, documents via cloud apps, photos, messages, contacts and on and on.
Of course, in those instances, I’ve handed the phone to someone I trust and watched them the entire time. I make it a point to have a numerical or pattern lock on any of my phones as a first line of defence. I have used fingerprint sensors, like those used on the iPhone and Samsung Galaxy S6. I’ve also set up a data wipe if there are 10 failed attempts to get through. Surely I wouldn’t get the passcode wrong 10 times, right?
It’s not a full security solution, but as I noted, it’s a frontline defence that can mitigate an initial breach.
Keep your phone updated
Updating your phone’s system software to the latest version of the operating system is a good idea because it sometimes opens up new security options that you can enable, on top of better overall security baked into the update. For example, Android users may notice that security options have expanded over time, where passcodes, pattern locks and passwords have been complemented by fingerprint sensors, face detection and voice activation on certain models.
The iPhone has also seen changes over the years as iOS has matured, with the data wipe option first appearing in iOS 7. Not all of the changes are well publicized, but going into the security section under settings on any smartphone, regardless of operating system, is well worth the time.
Risks of jailbreaking and rooting
By default, the act of “jailbreaking” your iPhone, or “rooting” your Android phone is considered as a breach of the warranty. Bear that in mind if you want to go that route. Tech-savvy users have typically been the ones to open up their phones that way, and the reasons may vary. The point is that it can make your device vulnerable to mobile malware, which is outlined in greater detail here.
One of the draws in jailbreaking is that apps can download and run for free, which sounds highly appealing, except that it doesn’t carry the same weight it used to. Jailbreaking became popular with the original iPhone, where there was no App Store. But now, eight years later, a regular iPhone is perfectly fine. At least that’s the way I look at it.
Logging into unsecured or public networks
It’s easy enough to log on to free Wi-Fi when it’s available. All kinds of businesses and venues offer it, but it’s best to maintain some solid security etiquette when doing so. If you see a network that simply says “Free Wi-Fi”, it’s probably too good to be true, and may even be potentially dangerous. Free Wi-Fi networks offered by merchants always have a distinct name that usually includes their own. Think of Starbucks or that sports bar you love going to.
There are a few things I would never do on a public network. One is logging into any financial website or app, or purchasing something online. Another is downloading anything of significance and size, like a system update or sensitive document. And lastly, I don’t make any settings changes, like setting a new password or downloading app updates. But I would check email, send messages, stream media, browse the Web and play games. For everything else I noted above, I prefer to either do it at home, via LTE/3G or on my own portable Wi-Fi hotspot when travelling.
Utilizing free Wi-Fi is great and convenient, butexercise some caution as far as what you do when connected to it.
Wiping your old phone clean
This is a big one, and I find myself advising friends and acquaintances of it all the time. Whether you’re selling an old phone, giving it away, trading it in or sending it to a recycler, it’s vital that you wipe it clean of your data. This is actually quite easy to do, as every mobile platform has a method to simplify it. Make sure to back up everything first though.
For the iPhone, your iCloud account will back up whatever it is set to, but for a full backup of everything on your phone, including music, video and app settings, plug it into a computer, run iTunes and save a backup onto the computer itself. After that’s done, restore the phone to factory default.
For Android, it’s a similar story, though you won’t need a computer. A Google account backs up a number of things, but not everything. You can use an app like Helium or GCloud to back up or transfer everything over to another Android phone. Once that’s done, go to Settings>Backup & reset>Rest phone to bring it back to factory default.
BlackBerry and Windows Phone have very similar processes. You should find them under their respective settings tabs.
Stay aware to stay safe
Generally speaking, common sense usually prevails if you take sensible steps to keep your smartphone secure. Much of what you may have learned for computers applies here, too. Don’t tap ‘yes’ to something you shouldn’t, and if a strange pop-up appears on your mobile browser, don’t call the number shown, go directly to the phone manufacturer’s customer support or the Plug-In community here.
Malware installs and propagates itself after you’ve done something to open the door. You may not realize that you’ve done it, or even how it happened, but you are likely to avoid being a victim if you don’t make yourself vulnerable in the first place. The suggestions above are a good place to start.
Want to learn more about Cyber Safety? Here are some other recent articles on the Plug-in Blog:
Teach your kids about cyber-safety