Protecting smartphones is a priority for companies and it should also be for users. Every time we use the mobile to do more things, so it is an increasingly important target of cybercriminals
Do you use your smartphone everywhere? Do you always have it at hand, next to the bedside table while you sleep? When you leave home, do you prefer to leave your wallet forgotten before your mobile? Do you have your bank details and financial information stored on your mobile? And the car and house keys, do you also carry them on your mobile? Finally, do you have the feeling that your smartphone has become an extension of your hand and your mind? If you have answered yes to most of these questions, you should start looking for help. .. or just keep reading.
With iOS and iPadOS 15, you can add digital copies of your driver’s license and your work, study or official documentation to your Apple Wallet, along with credit cards. You will also be able to show your digital ID and boarding pass on your iPhone or Watch when you are at the airport security control, to access your flight. And in addition, you can upload a copy of your COVID vaccination card to your mobile, since more and more restaurants and indoor venues require proof of vaccination to be able to access. Undoubtedly, soon you will be able to leave your wallet and your ‘physical’ keys at home, and simply go with the mobile device everywhere.
Unfortunately, nowadays cybercriminals use both physical and virtual vectors to attack mobile devices, so protecting smartphones is essential. Threat actors want to control the processing power of your device, which they can use to mine cryptocurrencies, participate in mobile botnets in order to send phishing messages, steal your data and sensitive information (including login information), display malicious ads, perform distributed denial of service (DDoS) attacks on websites, or cyber espionage. These cybercriminals intend to steal mobile identities, digital wallets and financial account information to sell to hackers on the ‘dark web’.
Unfortunately, nowadays cybercriminals use both physical and virtual vectors to attack mobile devices, so protecting smartphones is essential
Faced with this situation, it only remains for us to take a deep breath and fight hard against these threat actors. We recommend that you follow these best practices to protect smartphones, both physically and virtually, by applying multiple layers of protection.
1. Activate the screen lock of your device with biometric authentication such as iOS Face ID, fingerprint, Android face unlock or Samsung iris unlock. This is the first barrier that the hacker will try to bypass if your mobile is lost or stolen.
2. Enables file-based encryption. This function is activated automatically as soon as a strong passcode is created, from which the data protection process for file-based encryption starts. This is the second barrier that a threat actor must face.
3. Never share your credentials turn on multi-factor authentication (MFA) for your online accounts and remote access services, such as virtual private networks (VPNs). It uses more secure authentication factors, based on inherence (biometrics), possession and context (location and time of day), not ‘knowledge’ factors such as passwords or pins.
4. Try not to connect to unsecured WIFI networks. If you must do this in public spaces, such as the airport or the hotel, keep a VPN always active.
5. Aregularly update your operating system and applications.
6. Install a mobile threat defense (MTD) on all your mobile devices, preferably one that has advanced detection and protection capabilities at the device, application and network level, including anti-phishing protection for email, attachments and text messages.
7. Download only apps from the iOS App Store or Google Play. If your company uses a unified endpoint management (UEM) platform, the IT administrator can deploy the company’s ‘app store’ or silently install work apps on the managed device. If your device is stolen or lost, the EMU can remotely lock or erase it, to further safeguard your data.
8. Do not jailbreak or root to your mobile devices. By doing so, you remove the native protections of the device and allow malicious exploits to be installed that will control it.
9. Make a backup of important data on your desktop computer, or upload them to your trusted cloud storage service.
10. With the ongoing pandemic and the resurgence of COVID, we spend a lot of our time at home. I i use a home firewall, with an intrusion prevention system activated in front of my wireless router. There are free, open-source firewalls that you can install and run on an older PC, with easy-to-follow online instructions.
Use common sense to protect smartphones from cybercriminals, just as you would if you had to protect your wallet and valuables from thieves. Go a step further and implement these measures, more aggressive, to protect all your mobile devices. Undoubtedly, more for the value of confidential data and irreplaceable content that your device may contain, than for the cost of replacing it.
James Saturnius. Senior Lead Technical Market Advisor. Ivanti