Mobile Security Tips for End Users

In a mobile world, it is important to conduct a risk analysis of whether a person may be a target of an attack on their phone. A number of vulnerabilities have been utilized over the years, such as Pegasus, that allow for remote access to phones; all the end user has to do is click a bad link, and the threat is placed on their phone. Your personal information will be compromised, and if you use it for work, your company’s information is now at risk too.

Here are some steps one can take to reduce the exposure to phone-based attacks, depending on the level of risk…

Procedural Security: Reduce the amount of information that could be stolen

  • Minimize the amount of private information stored on the phone (email, texts, photos, passwords, documents, etc.)
  • Minimize the amount of private information conveyed during phone calls.  Use coded language where necessary
  • Minimize the phone’s automatic authenticated access to other data sources (email, VPN, finances)
  • Don’t take the phone into private meetings where there is a concern for eavesdropping
  • Cover the cameras when not in use

Technical Security:
Reduce vulnerability to attack by malware

  • Keep phone OS up to date
  • Don’t click on untrusted or shortened web links
  • Disable WiFi and Bluetooth when not specifically in use
  • Avoid use and installation of 3rd party apps where possible
  • Don’t use a business phone for personal use, and vice-versa
  • Factory reset the phone (re-install phone OS) on a regular schedule
  • Install reputable endpoint protection software

Physical Security:
Keep the phone within your control

  • Don’t leave phone unattended or in control of anyone else (conferences, hotel rooms, federal buildings, office, car, etc.)
  • Turn phone off near security checkpoints
  • Ensure your phone is locked and that access requires fingerprint versus password access
  • Don’t publicize your phone number beyond those you trust
  • Use a second phone for travel to risky geographies and leave the primary phone at home. Leave second phone turned off when not in use.