For many of us, our smartphones have become the most important devices in the world. We stay in touch with colleagues and family members on our mobile devices. We navigate calendars, bank accounts, and shopping carts on our mobile devices. We download files, upload photos, and share locations on our mobile devices.
And yet we don’t treat the data on our mobile devices with the same care as the information stored on our laptops, desktops, and servers. Hackers frequently target major social media apps, compromising the personal information of hundreds of millions of users. Location-based workout apps have been used to leak sensitive government information. Camera apps have been left with lax security gaps, allowing cybercriminals to steal photos used in phishing campaigns.
The biggest issue, however, comes when smartphone apps aren’t updated. New versions often contain critical security patches that fix known vulnerabilities. And all it takes is a couple of days of neglecting to install the update to put the avalanche of private information stored on your smartphone at risk.
How does a hack like this work?
Last year, a security gap in the popular Outlook for Android app allowed bad actors to craft and send a spoofed email message. If a user clicked a link in that email or downloaded its attachment, hackers could infiltrate that phone and run malicious scripts to reverse engineer a fake app. That could then steal any type of information stored on a smartphone: social media passwords, financial logins, work files, personal photos, and much more.
The popular messaging app WhatsApp was also targeted by hackers, who were able to exploit an old version of the app to remotely install spyware on iOS and Android devices—without users ever noticing. And in April 2020, a cyber thief compromised the entire Android App Store itself, putting the private information of 20 million users at risk.
Luckily, smartphone manufacturers and app store administrators are taking notice. Most apps on the iOS and Android platform update automatically, and new settings rolled out by Google and Apple scan a smartphone’s apps looking for hidden malware, keystroke-logging scripts, or data hacks. But certain security settings can prevent regular app upgrades—and all it takes is one forgetful moment to put your information at risk.
So how can you secure your smartphone?
1) Update your apps.
Makes sense, right? The problem is that some apps require special permissions to download, or will only download when your phone is fully charged and connected to Wi-Fi. That makes it easy to put off an update or forget to set one in motion, even though this is the most important step for mobile device health. App developers work hard to address security vulnerabilities as soon as possible. Reward their commitment by downloading app updates when they become available. If this step seems intimidating, a trusted IT provider can help with recommendations, action plans, and smart security strategies.
2) Only install apps from official sources.
Along with updating existing apps, it’s important to only download new apps from official sources like Android’s and Apple’s App Store. These stores require certain safeguards before an app can be offered on its storefront, and any unreliable apps will often be vetted and removed. However, malicious apps can sometimes slip through the cracks, which means that users should pay attention to the app developer’s name and read reviews of apps you might not be sure about. Bad actors will often list an app that looks or sounds similar to a popular one, or try to promote suspicious add-on apps that can surreptitiously install malware into existing apps. If a developer has created other apps with suspicious names or has even one or two bad reviews, don’t install it.
3) Pay attention when granting permissions.
After you’ve safely and securely downloaded or updated a trustworthy app, slow down before you automatically accept all permissions related to it. Blindly allowing an app to access your device’s location, camera, microphone, contacts, or other sensitive areas of your phone could lead to trouble. If you aren’t sure about specific app permissions, navigate to your phone’s privacy settings and manually review which app access which part of your phone. If anything looks unfamiliar or unsafe, deactivate that permission and immediately reach out to a trusted IT provider.
4) Remove old or unused apps from your smartphone.
If you come across an old app that you haven’t used in ages, don’t just let it hang out on your phone—doing so can often provide hackers an opening into your device, especially if the app in question has been discontinued or removed from extended support. Instead, free up your phone’s memory and be proactive about smartphone security by deleting the forgotten app. Make a habit of cleaning up your smartphone menu on a monthly or quarterly basis to eliminate these vulnerabilities.
5) Activate multi-factor authentication (MFA) for your phone login and apps.
This typically manifests itself as a one-time code to be entered along with your usual password, or as a fingerprint login or Touch ID. Making sure this setting is activated under your Settings > Password & Security menu could serve as a digital lifesaver if your smartphone is infected with malware or another kind of malicious app that steals existing passwords and locks you out of certain accounts. Not sure how to put MFA in place? A trusted IT provider can help.
6) Avoid unsecured public Wi-Fi networks.
Since many of us are working from home and reducing our travel these days, this isn’t as big a deal as it’s been in the past. But once the COVID-19 pandemic passes and we return to some semblance of normalcy, many of us will relish the opportunity to work at a coffee shop or library again. When you do, remember that it isn’t safe to just sign in to a public Wi-Fi network, which can expose you to serious security problems. If you have cell phone service, stick with your carrier’s network for connectivity, particularly if you’re accessing any sensitive financial information or collaborative documents. Alternatively, a VPN (Virtual Private Network) can provide a secure connection to the Internet no matter where you are.
Unsure about the status of your smartphone apps? Worried that security vulnerabilities could affect you? Ready to extend an extra layer of protection around your employee’s mobile devices? Contact CMIT Solutions today. We strike the right balance between in-office and remote cybersecurity, empowering you and your employees to work anytime, anywhere while protecting data and keeping all devices safe.