At Allconnect, we work to present quality information with editorial integrity. While this post may contain offers from our partners, our opinions are our own. Here’s how we make money.
With the convenience of having a computer in your pocket these days comes the need to protect all of the personal data it can hold. Especially if you consider your smartphone might have 4GB of RAM, where the 1960s-era Apollo spacecraft’s guidance computer had 32KB and took men to the moon. Unfortunately, without proper precautions, all that sensitive data on your smartphone can be lost, stolen or hacked.
Why is securing your cellphone so important?
Unsecured phones can be a treasure trove to an identity thief who gets hold of your phone because of all the vital information you can access through it.
Consider what you may have stored on yours:
- Bank account numbers and access logins and passwords
- Credit and debit card information
- Social media credentials that could lead thieves to personal information
- Work-related website credentials that may allow access to sensitive data
And for each of these, unauthorized access can allow an identity thief to act as “you,” taking money or sending messages, but also to change the passwords and/or logins so you can’t get into the accounts yourself.
In July 2020, the BBC reported on what it called “the unprecedented hacking of celebrity Twitter accounts” via phones belonging to Bill Gates, Joe Biden and Kim Kardashian West.
“The successful attempt let attackers tweet from celebrity accounts and access their private direct messages,” the BBC said, and also enabled the hackers to run a Bitcoin scam that made them $100,000 richer.
10 steps to secure your cellphone
- Lock your screen. This is the basic first line of defense. That four-digit code or fingerprint check should be on every phone, but some people don’t bother with it, and that is playing with fire. Similarly, the “time out” function that determines when the lack of activity should lock the screen should be set for as short a time as reasonable. This makes it less likely that someone who finds your forgotten phone on a restaurant table will also find it unlocked.
- Avoiding charging your phone in public ports. Public phone charging stations have become ubiquitous, especially in places like airports and hospital waiting rooms. While they may be tempting, plugging in that USB charging cable can lead to “juice jacking,” which is a technique criminals use to download malicious software onto your phone. Law enforcement officials recommend carrying your own charger or backup power supply.
- Two-factor authentication. Also known as “2FA,” this means proving you are the authorized user in two different ways. To unlock your phone, one would be the PIN; the second could be your fingerprint (as long as it’s not set to replace the PIN for convenience). It should go without saying that, if an app offers 2FA, you should be using it. A 2FA-generating app allows you to create this level of security for individual applications that don’t offer 2FA. Google offers an app called Smart Lock for both Android and iPhone, and it’s free via the Google Play or iOS store.
- Mobile device management programs. With more people using their personal phones for work applications, a policy known as “bring your own device,” employers have begun to protect their sensitive data with mobile device management software. This allows the company’s IT department to secure (and oversee the use of) employees’ phones.
- Be cautious of Wi-Fi/Bluetooth usage. While these functions are very useful, it’s easy to leave them enabled all the time, even when not in use, which can allow hackers to gain access to your device. One step you can take to help make it tougher on hackers is to make your phone non-discoverable, a setting you can find in the Bluetooth menu. Public Wi-Fi, too, can be an open door to hackers, who can use it to connect to your phone and load malware onto it or steal information without your even knowing. Consider carefully if and when you want to use these functions. (And see the section on VPNs below.)
- Spam and phishing emails. These are the granddaddy of hacking and have existed roughly since email has been around. They’re designed to make you think you need to take action, and, when you do, you give personal information to an unauthorized person or group. They frequently appear to be legitimate at first glance, but a closer look usually exposes them. Don’t click on links you find in these suspicious emails. The Federal Trade Commission details what to look for and why.
- Antivirus apps. These programs, popular on desktop computers, are available for smartphones as well. There is, however, some disagreement as to their effectiveness or necessity. Smartphone manufacturer Samsung takes a “better safe than sorry” approach and suggests users download an antivirus app. Internet security firm Kaspersky says iPhone “viruses are extremely rare, but not unheard of.”
- Regular updates. Every phone should be running the latest version of the operating system it uses because updated software frequently includes security patches. Don’t keep your phone from updating, and turn it off from time to time, because updates can load when you do.
- Encryption services. These are a way to keep your data safe, even if someone gets access to it. The latest generations of both Apple and Android encrypt data by default, although earlier versions may require it to be enabled. Encryption services add to this protection and can keep people from listening in to your calls or intercepting your text messages. The most popular encryption app is arguably Signal, but both parties must be using it.
- Use a VPN. A Virtual Private Network keeps your connection to the internet from being seen by others. Your phone doesn’t connect directly to a website, it first goes to the VPN’s server and then to the site. A VPN makes using public Wi-Fi much safer. The best VPN apps don’t log (store) your information. Again, the FTC has some very good advice on choosing a VPN app. Setting one up can be tricky, but you can find tips here.
Preferences to update if you want to keep your information private
Every app has its own privacy settings, and they usually default to the least restrictive, but most will work fine without knowing everything about you, so check them. Instagram and Facebook, in particular, want to learn all about you. Make sure your privacy settings are strict.
Smartphones always know where they are – unless you tell them not to. But a lot of apps need that information to work properly. An app with a security flaw can allow unscrupulous people to track your movements. (And because location sharing uses GPS, it can drain your battery, too.)
Should you or should you not allow location sharing?
Parents with young children who have a phone may be torn, because they might want their kids to have access to, say, Google Maps, but will worry that someone else may also know their child’s location. If you don’t want to disable location sharing entirely, then check the apps on the phone to make sure they don’t transmit locations. Many such apps allow you to keep locations private or available only to a specific group.
It’s also important to make certain that the apps on kids’ phones have strict privacy settings, and that your child understands why it’s important they do.
Seniors living alone face the same issues, except that they may want emergency services to be able to find them if they call 911. Again, checking app settings will help users keep from broadcasting where they are unnecessarily.
If it’s available on your phone, you can limit the length of time locations are shared to the time needed or a time in minutes, which keeps the phone from continually using location sharing.
What to know about mobile payment apps
First, there was PayPal, and then came many other money transfer apps, such as Venmo, Zelle and Cash App. They make it easy to transfer money with just a tap or two. A survey by NerdWallet and The Harris Poll found that 79% of Americans use them.
They are generally safe, but not absolutely. For example, payment apps will protect you against transactions made without authorization, but other kinds of fraud aren’t always covered. Nor are mistakes made in entering the payment info. The good news is, the major payment apps have strong encryption, which makes it tougher for hackers to intercept account numbers.
Using the phone itself to pay for a transaction, with ApplePay, GooglePay or other mobile wallet apps is also a secure way to pay. Of course, the ability to keep your financial data private depends on your not losing the phone, and having the screen locked if you do.
iPhone vs. Android security
Because Apple doesn’t make its iOS source code available to developers, as Google does with its Android OS, it’s long been considered the more secure of the two systems. Android phones are more common targets for hackers because there are so many devices using the open-source operating system.
The best way to ensure that your phone stays secure (aside from keeping the phone updated) is to download apps only from the Apple App Store or Google Play, which vet the apps before making them available. Other sources may not do that and may exist solely to expose you to malware.
Mobile hotspot security
Mobile hotspot technology allows you to use your phone to give Wi-Fi connectivity to other devices, like laptop computers.
Convenient? Yes. Safe? Well … maybe not. The network created by a hotspot is, by default, open. That means anyone can use it to connect to your phone, so it’s not a good idea to simply enable your hotspot in a public place and use it. Avoid hacking attempts by choosing WPA2 hotspot security, using a strong password and setting a new SSID (service set identifier) name to your hotspot. The default wireless hotspot network names are easy for hackers to guess.
Hey, where’s my phone?
If you lose your phone or know for sure it has been stolen, you have some options, provided you prepared for the worst in advance. You’ll need to act quickly because thieves will likely pull out the SIM card right away.
- Use a “find my phone” app, which allows you to find it, as long as it is powered up and has location services enabled.
- Wipe all the data using an app designed for that purpose. Yes, you’ll lose your photos (although you have been backing them up to the cloud all along, right?) but that’s a small price to pay for keeping prying eyes from stealing your identity.
- Call your bank (and employers if you’ve been using the phone for work) and warn them. Change passwords immediately.
- Call the police and make a report in case you have credit disputes related to the theft. It will help if you have a record of the phone’s serial number, and its unique device identification number: the International Mobile Equipment Identifier (IMEI), the Mobile Equipment Identifier (MEID) number, or the Electronic Serial Number (ESN).
It definitely takes a few extra steps to keep your data safe when you carry it around in your pocket, but those extra steps are the price you pay to make sure your private information stays private.
Compare internet, TV and phone service offers in your area on Allconnect, for free.Compare providers
Wednesday, November 25, 2020The average cost of a cellphone plan in the US is $85
Allconnect — 3 min read
Tuesday, November 24, 2020What is Wi-Fi? Get the basics on what you need to know
Taylor Gadsden — 4 min read
Sunday, November 22, 20208 smartphone grievances and quick solutions to try
Taylor Gadsden — 5 min read