How Do I Protect the Information on My Smartphone?

• Loss of device and information theft. Smartphones are small and can easily be lost or stolen. Unauthorized users may access your accounts, address lists, photos, and more to scam, harm or embarrass you or your friends; they may leverage stored passwords to access your bank and credit card accounts, steal your money or make credit card charges; gain access to sensitive material, and more.

• Social Engineering. A common mobile threat is social engineering. Whether via text message, image, or application to download, an incoming communication may be an attempt to gain access to your information.  A current example consists of a text message that comes from an unknown number, telling you that if you click on the link provided, you’ll have access to thousands of free ringtones.  If offers like this sound too good to be true, that’s because they are.  The link is in fact a malicious link; clicking on it will compromise the security of your smartphone.

• TMI (Too Much Information). Guidelines for protecting privacy, safety, and reputation when sharing via computers also apply when sharing via smartphones. Mobile devices enable instantaneous capturing, posting, and distribution of images, videos, and information. They may also broadcast location information.

• Public Wi-Fi. Smartphones are susceptible to malware and hacking when leveraging unsecured public networks.  If you are connecting to wi-fi that doesn’t have encryption (doesn’t require a password), that means anyone also connected to it can see the information you are sending and receiving.

• Bluetooth and Near Field Communications (NFC). Bluetooth is a wireless network technology that uses short-wave radio transmissions to transmit voice and data. NFC allows for smartphones to communicate with each other by simply touching another smartphone, or being in close proximity to another smartphone with NFC capabilities or a NFC device.  Risks with using NFC and Bluetooth include eavesdropping, through which the cyber criminal can intercept data transmission, such as credit card numbers.  NFC also has the risk of transferring viruses or other malware from one NFC-enabled device to another.

Simple Steps to Protect Your Smartphone: 

1. Update the operating system. Smartphones are computing devices that need to be updated regularly. Updates often provide you with enhanced functionality and enriched features, as well as fixes to critical security vulnerabilities. Your smartphone manufacturer should notify you whenever an update is available.  Many smartphones also allow you to check for updates manually.  This is a good thing to do every so often to make sure your smartphone hasn’t missed any updates.

2. Use of security software..  As the smartphone market is increasing, so too is the amount of malware designed to attack smartphones. The software security solutions that are available for desktops and laptops are not as widely available for smartphones. A key protection is to use mobile security software and keep it up-to-date. Many of these programs can also locate a missing or stolen phone, will back up your data, and even remotely wipe all data from the phone if it is reported stolen.  There are many free security applications for Android devices that scan incoming files, block malicious links, and verify the legitimacy of downloaded applications.  For iPhone users, there are free file scanners available for download.

3. Password-protect your device. If you accidentally left your phone somewhere, would you want anyone to be able to access it?  To prevent someone other than you from opening your smartphone, enable strong password protection on your device and include a timeout requiring authentication after a period of inactivity. Secure the smartphone with a unique password – not the default one it came with. Do not share your password with others.

4. Think before you click, download, forward, or open. Before responding, registering, downloading or providing information, get the facts. No matter how tempting the text, image, or application is, if the download isn’t from a legitimate app store or the site of a trusted company, don’t engage with the message.

5. Understand the terms of use. Some applications claim extensive rights to accessing and leveraging your personal information.  If the app requires more access to your account and/or device than is needed to run the service, do not continue. In addition, be aware that terms can change over time.  Review your terms of use often.

6. Be cautious with public Wi-Fi. Many smartphone users use free Wi-Fi hotspots to access data (and keep their phone plan costs down). There are numerous threats associated with Wi-Fi hotspots.  Essentially, anyone accessing the wi-fi can see all of the information being sent over it.  This means if you are checking your bank account using wi-fi, someone else may also be looking at it without your knowledge.  To be safe, avoid logging into accounts, especially financial accounts, when using public wireless networks.

7. Disable Bluetooth and Near Field Communication (NFC) capabilities when not in use. Capabilities such as Bluetooth and NFC can provide ease and convenience in using your smartphone. They can also provide an easy way for a nearby, unauthorized user to gain access to your data.  Be aware of this when in public places.  For example, when using a Bluetooth headset for a phone call, someone sitting as close as the table across from you could also be listening to your conversation.  To help prevent these types of privacy invasions, turn these features off when they are not required.

8. Enable encryption.  Enabling encryption on your smartphone is one of the best ways to safeguard information stored on the device, thwarting unauthorized access.  Encryption is usually done through downloadable applications.  These applications encrypt your images and files on your smartphone, making it more difficult for a hacker to steal any information stored in the files.

9. Securely dispose of your device.  With the constant changes and upgrades in the smartphone market, many are upgrading their devices on a regular basis.  Have you ever thought about the information you left on your old smartphone?  Did you leave any text messages, pictures, or applications with login information stored on your smartphone when you purchased a new one?  It is important that you wipe the information from your smartphone before disposal.  Manually uninstall all applications with your login data, erase old pictures and messages, then reset your phone to the factory defaults.  Additionally, make sure any SD cards are removed and erased. If you are not redeploying the SIM card to another device, then make sure your personal information stored on the SIM card is erased or destroyed.

 For More Information:

For additional information about securing mobile devices, please utilize the following resources:

• Office of Technology Services: Mobile Device Support
• FTC – How to Dispose Your Mobile Device Securely: http://www.consumer.ftc.gov/articles/0200-disposing-your-mobile-device
• US-CERT – Cyber Threats to Mobile Phones: http://www.us-cert.gov/reading_room/cyber_threats_to_mobile_phones.pdf