Data is a precious commodity. Especially in regulated industries. Cybercriminals will do anything they can to grab the secrets off your smartphone.
Professionals in regulated sectors, such as legal and financial services, have come to rely on their smartphones. Financial and legal firms often provide staff with a work mobile, whether you are underwriting mortgages or selling to brokers, but many have also embraced the bring your own device (BYOD) movement, with data, documents and emails flying between both devices.
Unfortunately that means your smartphone’s data can be a prime target for hackers and cybercriminals, so it’s vital to have robust mobile security processes in place.
Setting a password or activating biometric access is the minimum precaution you should take when handling sensitive information, even if it’s only forwarding the odd work email to your personal device.
Here are five top tips for those who need to maintain a higher standard of security on smartphones.
#1: Set a password
We rarely leave our smartphones out of sight. They’re usually in our hands, our pockets, on our desks, connected to the car, or in our ears playing music when travelling on a plane or train. But there are moments when everyone puts them down and briefly forgets. Panic usually sets in pretty quickly. What if, at that moment – in a pub, in a shop, on a train – it was stolen?
Without a password, this would be like leaving your house with the door unlocked and broadcasting on Facebook you will be gone for a while, and there are a lot of valuables inside.
Most of us have some type of password on our phones, but are they really secure? When meeting a client recently I noticed that their smartphone had a very clear fingerprint trace showing exactly how to unlock the phone using the pattern set on their Android. It took me 2 attempts to unlock the screen.
This is known as a ‘smudge’ attack and is a plausible risk if someone gets access to your phone. Fortunately there are better ways to secure a smartphone such as using biometrics.
#2: Enable a Virtual Private Network (VPN)
In most professional services companies, IT and security teams will insist – for regulatory and compliance purposes – that work and in some cases, personal devices, are protected within their VPN. This may make it more difficult to connect to home and public Wi-Fi networks – until they’re approved by security – but it does make your device far safer. So don’t change from Sky to Virgin broadband without telling the office first – it won’t recognise or approve the new IP address automatically.
On a VPN you gain most, if not all, of the security benefits of working from the office. VPNs provide stronger perimeter defences than you would ordinarily get on a smartphone, reducing the risk of cyber attacks, data theft, and providing an additional layer of security if your phone is lost or stolen.
#3: Keep your operating system and apps updated
New operating systems (OS) include the latest security upgrades and patches. Don’t delay downloading and upgrading when prompted. Normally several prompts will come through, and Apple devices often upgrade overnight automatically if you have plugged your phone in to charge.
If you need to upgrade manually, you will find a new OS waiting in Settings, under Software Update (Apple and Android use an almost identical menu option for this core feature). Remember to backup your device beforehand.
#4: Download a mobile security app
When it comes to assessing security flaws within apps on the main app stores, Apple is ahead of Android. Google is constantly removing fake apps – they often contain malware and other harmful viruses – from the Google Play store. Whereas Apple’s pass criteria for publishing a native app is far more stringent.
Sticking to downloads from official app stores, instead of third-party websites is another way to stay safe. As are mobile security apps. Your IT and security teams might provide security apps as part of their own precautions. If not, or if you send work to your personal device and want another layer of security, then it’s worth investing in some mobile security apps.
#5: Get your device scanned
Did you know that 60% of people have had their personal information stolen?
Your data could be floating around the dark web, even if you don’t realise it. Which is why it is worth getting your device and email addresses (especially those connected to bank accounts, social networks, and work emails – a popular target for cybercriminals) scanned.
DynaRisk will scan your email for free, and if you need more comprehensive security from them, you can have devices and email addresses scanned and protected for a small annual fee.