Smartphones have almost become extensions of our bodies. Many of us have them in hand or within reach, 24 hours a day. According to survey results published by Reviews.org in April 2021, Americans check their phones 262 times per day—that’s every 5.5 minutes. In February, a Statista survey found that nearly half of all respondents admitted spending five to six hours a day on their phones—and that’s a self-reported total, so the number is probably even higher.
Yet we don’t think about cybersecurity protection for smartphones nearly as much as we do cybersecurity protection for laptops, desktops, networks, and other devices. And that’s on a device we use to stay in touch with family, shop 24/7, and share personal information—along with monitoring our medical records, tracking our finances, and sharing our real-time locations.
It’s no surprise, then, that hackers and cybercriminals have targeted mobile devices to steal valuable data and glean private information. Location-based workout apps have been used to leak sensitive government secrets. Photos uploaded to social media are often stolen for personalized spearphishing campaigns. And just last week, Android malware distributed through the Google Play Store was discovered by cybersecurity experts to be harvesting login credentials from banking and cryptocurrency apps.
This particularly nefarious bank fraud was perpetrated by triggering a hidden screen recording that started when mobile phone users entered their login name and password. Hackers then used those credentials to withdraw money—minutes later, of course, after the screen recording showed that the unsuspecting user had logged out of the app and wouldn’t immediately notice unauthorized activity.
Sounds easy, right? Most apps on the iOS and Android platforms update automatically with critical security patches. The problem is that some apps require special permissions to download, or will only download when your phone is fully charged and connected to Wi-Fi. That makes it easy to put off an update or forget to start installing one, even though this is the most important step for mobile device security. Hackers are always devising new tricks, but smartphone manufacturers and app store administrators are keeping up by addressing security vulnerabilities as soon as possible. If this step seems intimidating, a trusted IT provider can help with recommendations, action plans, and smart security strategies. Just remember that all it takes is a couple of days of neglecting to install an update to put the vast treasure trove of private information you store on your smartphone at risk.
Updating existing apps on your phone is one thing—making sure all your new app downloads come from official Android, Google Play, or Apple App Stores is equally important. These stores require developers to meet certain standards before an app can be offered on its storefront, and any unreliable apps are usually reviewed and removed quickly. Still, malicious apps can sometimes slip through the cracks—or misdirects can take you to a spoofed site that looks like an app store. Pay attention to an app developer’s name and read reviews of apps before you download them. Just like you do with emails, look for shoddy misspellings or subtly suspicious links that might promote an add-on to a popular app but actually can surreptitiously install malware over existing apps. If a developer has created other apps with suspicious names or has even one or two bad reviews, don’t install it.
In many ways, this is the safest step for smartphone security. If you have to use Touch ID or Face ID to log in to your phone and access your apps, even a stolen password won’t allow a hacker to immediately steal your information. Although multi-factor authentication (MFA) and single sign-on (SSO) require an extra step (one-time text code, push notification, or personally identifiable ID entry), it’s worth the extra effort to protect your mobile device. Make sure this setting is activated under your Settings > Password & Security menu—it could be a lifesaver if your smartphone is infected with malware. Not sure about deploying MFA or SSO? A trusted IT provider can help.
Every new app asks for permission to access other parts of your phone like the camera, microphone, or location services. But just don’t click “Allow at all times” because it’s easy—even a safely installed, trustworthy app might want access to sensitive areas of your phone. If you aren’t sure about specific app permissions, navigate to your phone’s privacy settings and manually review the settings for each app. If anything looks unfamiliar or unsafe, deactivate that permission and immediately reach out to a trusted IT provider.
We’re all guilty of letting an old app languish deep on our home screen menu. But never logging in and never bothering to remove it can have serious consequences, offering hackers access to your device if the app has been discontinued or removed from extended support. Free up your phone’s memory and strengthen your overall security by deleting any apps you don’t use or need. This is an easy step to complete every couple of months to be proactive about the overall health of your mobile device.
Many of us are still working from home these days and not traveling like we used to. From a cybersecurity standpoint, that’s a good thing and a bad thing: good because we’re connecting to different Wi-Fi networks less often but bad because we might not be as vigilant about avoiding public ones when we do. Any unsecured Wi-Fi access can put sensitive information on your phone at risk—particularly if you log in to banking apps, check your email, or shop online. If you have cell phone service and need to connect to the Internet, stick with your carrier’s network or set up a personal hotspot with a unique password. VPNs (virtual private networks) can also provide an extra layer of security.
It’s a fact of life that smartphones are critical to your day-to-day lives. And that’s OK—let’s just treat them with the respect and caution that such critical devices deserve. If you’re not sure about the status of your smartphone apps or worried about security vulnerabilities for remote staff, contact CMIT Solutions today.
We treat smartphones as an extension of your business—deserving of the same multi-layered protection as laptops, desktops, networks, and hard drives. We’ve worked with thousands of businesses to balance on-site work with telecommuting arrangements, empowering you and your employees to work anytime, anywhere while protecting every device.