How to Keep Your Data Safe When Using Mobile Devices

ExPost-24CyberSecurity
October 29, 2024 | Robert Philpot

October is National Cybersecurity Awareness Month, an annual collaboration between government and industry to raise awareness about the importance of cybersecurity.

Cybersecurity is defined as “the protection of computer systems and networks from attacks by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software or data.”

During the month, the Exchange’s IT directorate has been sending weekly emails about cybersecurity-related topics. The Exchange Post has also been publishing cybersecurity-related stories.

If you happen to be reading this story on your phone, pay attention, because it’s about mobile-device security. And your data is more vulnerable on a mobile device.

“People are targeting phones more,” said Aaron Foechterle, Exchange data security analyst. “They can be targeted more easily than a computer at a workstation. Exchange laptops have antivirus software, and we have people on our security team who look for suspicious alerts. Our phones don’t have those security measures.”

You’ve probably received a text or call from a number you don’t recognize. Maybe the caller left a voice mail. Maybe the text looks like it was meant for somebody else. Should you respond—even if the text doesn’t have a suspicious-looking link?

“Even with numbers you don’t recognize, people are getting good at what’s called ‘spoofing,’” Foechterle said. “It’s a way of making them appear they’re with a company like Microsoft or Apple. It could be from a random number but if it’s identified as Microsoft or Appple, that can make it seem legitimate.”

Another risk is voice phishing, or “vishing.” “It can happen with either voice mails or live calls,” Foechterle said. “It’s something that’s frequently used in trying to get someone’s log-in credentials. I often help my wife’s grandmother with vishing all the time because she receives calls from people who call themselves ‘The Microsoft’ and say, ‘Your computer has a virus. Give us some money and we’ll log in to your computer and we’ll get rid of it for you.’”

Along with increasing your awareness of phishing tactics, Foechterle recommends properly configuring the Wi-Fi and Bluetooth settings on your phone.

“On some phones, there’s an option to join an unfamiliar network,” he said. “When you autojoin your phone to a Wi-Fi network, your essentially connecting your phone to that router. Some are good—you could go to a Starbucks or Chipotle and be perfectly fine.

“The issue is when you connect to a network you don’t necessarily want to,” he continues. “It would be very easy for someone at an airport or a restaurant to create a rogue device and label it ‘United Airlines Free Wi-Fi’ or something like that. When you autojoin those networks, you don’t necessarily have control to choose what you connect to. In situations like those, it’s highly recommended to not allow your device to join unfamiliar networks.”

Foechterle added that even if you directly connect to a public wi-fi network that you trust, there’s a risk that some of your info will be intercepted by other people on the network. “I highly recommend that if you’re doing a transaction that would involve sensitive information, such as logging in to your bank, that you do not do it over public Wi-Fi.”

Foechterle also suggests turning off automatic Bluetooth pairing—and turning off Bluetooth period in public situations.

With apps being one of the most-used features on phones, Foechterle recommends making sure apps are regularly updated. “If you have a banking app and the bank has a security vulnerability, the bank will address that with updates,” Foechterle said. “As long as you keep the apps updated, they’ll be as secure as they can possibly be. And it will increase the overall performance of the app as well.”

Foechterle said that even when downloading an app from a legitimate app store, you should proceed with caution. “There are a lot of apps out there that impersonate other apps,” he said. “For example, if you’re trying to download an app like Venmo, an app impersonating it could be used to harvest your personal information. The general principle for that is just to make sure you’re downloading apps from the right source. Just double-check to see if it’s an official site.”

Certain apps will ask permission to access your camera roll or microphone, or will ask to be allowed to run even when you’re not using them. “I would be very cautious about how much permission you give those apps,” Foechterle said. “The best practice, if it’s not an app you fully trust, is to not give it permission to everything or allow it to run constantly.”

Follow ExchangeAssoc FacebookInstagram and X throughout October for posts on Cybersecurity Awareness Month topics. Hashtags: #CybersecurityAwarenessMonth and #SecureOurWorld.

 

Print Friendly, PDF & Email

Related posts:

How to Create a Strong Password and How to Use Multifactor Authentication How Not to Take the Bait When Phishing Happens What You Should Know About Artificial Intelligence’s Risks to Your Data Top 4 for 2024: Cybersecurity Best Practices for the New Year
Posted in , ,

Leave a Comment





This site uses Akismet to reduce spam. Learn how your comment data is processed.

Related posts:

How to Create a Strong Password and How to Use Multifactor Authentication How Not to Take the Bait When Phishing Happens What You Should Know About Artificial Intelligence’s Risks to Your Data Top 4 for 2024: Cybersecurity Best Practices for the New Year