Mobile Security Tips for End Users
In a mobile world, it is important to conduct a risk analysis of whether a person may be a target of an attack on their phone. A number of vulnerabilities have been exploited over the years, by spyware such as Pegasus, to gain remote access to phones; all the end user has to do is click a bad link, and the threat is placed on their phone. Your personal information will be compromised, and if you use the phone for work, your company’s information is now at risk too.
Here are some steps one can take to reduce the exposure to phone-based attacks, depending on the level of risk…
Procedural Security: Reduce the amount of information that could be stolen
- Minimize the amount of private information stored on the phone (email, texts, photos, passwords, documents, etc.)
- Minimize the amount of private information conveyed during phone calls. Use coded language where necessary
- Minimize the phone’s automatic authenticated access to other data sources (email, VPN, finances)
- Don’t take the phone into private meetings where there is a concern for eavesdropping
- Cover the cameras when not in use
Technical Security: Reduce vulnerability to attack by malware
- Keep phone OS up to date
- Don’t click on untrusted or shortened web links
- Disable WiFi and Bluetooth when not specifically in use
- Avoid use and installation of 3rd party apps where possible
- Don’t use a business phone for personal use, and vice-versa
- Factory reset the phone (re-install phone OS) on a regular schedule
- Install reputable endpoint protection software
Physical Security: Keep the phone within your control
- Don’t leave phone unattended or in control of anyone else (conferences, hotel rooms, federal buildings, office, car, etc.)
- Turn phone off near security checkpoints
- Ensure your phone is locked and that unlocking it requires a fingerprint rather than a password
- Don’t publicize your phone number beyond those you trust
- Use a second phone for travel to risky geographies and leave the primary phone at home. Leave second phone turned off when not in use.