Today, most people are storing a lot of personal information on their smartphones. This makes it vitally important that users be pro-active in protecting both themselves, and their private data. Read 8 critically important cell phone security tips to help you protect your smartphone and more importantly, your privacy. Click each of the 8 tabs below to read what you need to know, and become your own smartphone security expert. Take these concrete steps to secure your phone, now!
The most common way of compromising your phone is by Malicious Apps.
Your device and your personal information are at risk from malicious apps so to protect yourself, your smartphone should be treated the same way you would treat your desktop. You must be responsible and discerning when choosing apps to download, because, today, malicious apps are the most common way of compromising your phone and the data stored within it. At this point in time there's no fool-proof way of avoiding malicious apps, so below we have listed some useful tips on how to keep both your device and personal data safe.
● Be cautious when paid apps are offered for free from an outside website.
Occasionally, app developers will discount the price of an app, but this is usually done within an official app store. Be very cautious when you see a free app being offered on an outside website: It is highly possible that the app is malicious in nature and not legitimate.
● Knock-off apps could hide a hidden motive.
When an app is successful, count to ten and there will be imitation apps flooding the marketplace. Some will simply be trying to make money by stealing downloads from the hit app, but be aware that others may try to steal personal information, or infect your device.
● Check the number of downloads and the app reviews.
Check reviews by fellow consumers to determine if an application does everything the developer said it would. If an app has a lot of downloads, positive reviews, and high ratings, it is a fair indication that it is meeting consumer expectations. Be cautious of apps with fewer downloads, user complaints, and low ratings – it could well mean that this is a questionable app.
● What permissions are you allowing?
Make sure you're aware of the parts of your phone you're granting the application access to, and be very sure you're comfortable with this decision. If you have any doubts at all, don't do it! Keep in mind that there's a lot of sensitive information contained within your smartphone, so you must be proactive in keeping that information protected.
● Use security apps to evaluate other apps.
Make use of the security applications that are out there to help you. Antivirus Security by AVG, NQ Mobile Security, and Lookout Security & Antivirus are apps that scan applications for viruses and malware. Clueful apps and Online Privacy Shield have been designed specifically to assist you in evaluating permissions: They identify how your personal information is being used by applications, then rate the potential risk as high, moderate, or low.
"Change Your Password" is the most common response to a security breach.
You probably get tired of hearing the phrase "Change Your Password" and you may even ignore the request, but this will always be the most common response to a security breach because it is most crucial. Keep in mind that the best security measure you have is a strong password that is changed regularly. For every company data breach you hear about, there're atleast 100 other companies around the world whose data is hacked and stolen. Therefore, changing your login info regularly (maybe once a month) would minimize impact of loss to your security. Below we have listed some advice on passwords:
● Use unique passwords for different accounts.
Whenever possible, you should use a unique password, particularly for services that access sensitive information like email accounts, bank accounts, shopping sites, and so on. Many people use the same password across the board! However, keep in mind that should one service be compromised, it leaves all their other accounts at risk. Hackers are desperate - If they realize they have got your password for one account, they will assign the task to their subordinates to try other major accounts using same passwords and more of your data could be compromised.
● Regularly change your passwords.
Remember that many times passwords are stolen without the victim's knowledge, and that stolen passwords are often not used immediately. Let us say you're not aware that your password has been stolen: If you periodically change your passwords, you could be able to protect yourself before the thief has had the opportunity to use it.
● What does a "strong" password mean?
1. A strong password consists of at least eight characters.
2. It does not contain your real name, your username, or your company name.
3. Your password should be entirely different from your previous passwords.
4. A strong password contains characters from all the following categories: Uppercase and lowercase letters, Numbers, Keyboard symbols, such as $@!#.
5. A strong password should not be obvious and it should not be one complete word, like your company name, phone number, birth-date, username, or successive numbers like 000000 or 123456.
If you don't report theft to your carrier, the smartphone can be worth $500+ to the person who stole the phone. If you do, all they can get from it is about $25 for phone parts (if they can find a buyer).
Not reporting a stolen phone to the carrier is like handing $500+ to the thief that stole the phone because it will be worth a lot more in used phones market (and it is huge!). Once it is reported stolen, it is blacklisted by all carriers within the universal IMEI blacklist so it cannot be activated anymore. The value then drops to practically zero dollars because they won't find a buyer anymore. When a buyer from Craigslist or Kijiji tries to buy a phone, they make sure that it can be activated to ensure it is not stolen. However, if it is not reported stolen, it can be activated by any carrier that supports the phone's mobile network. This makes them think it is a legitimate sale and they pay the seller so the thief walks away with the money.
● Take action A.S.A.P. instead of watching and waiting for it to show up.
We suggest you take the following action steps in an event that your phone is lost or stolen:
A. If your phone should become lost or stolen, immediately contact your cellular service provider's customer care/service support department. Besides suspending service to the phone to prevent use, they can review options to either temporarily or permanently replace your device.
B. Contact the police immediately to file a report if you believe your phone has been stolen. All carriers work in conjunction with local law enforcement officials on cases relating to the theft of cell phones. Stealing anything worth $500 to $1500 is a Class A misdemeanor offense, and it is not taken lightly. Law enforcement will try to track and may find the perpetrator if provided some clues.
C. Lock, locate, and erase the private data on your device by using your mobile security. Don't try to recover your phone on your own, because safety should always be your first priority. Do not make any risky and rash decisions in a fit of anger because you may risk what you have left - Your life.
True, it is a traumatic experience losing your smartphone or have had it stolen from you. However, look at the bigger picture - It is your phone that is stolen, you are still alive and well. You can still get a new and a better phone to go about your life as you did before you had that old phone. Take it easy. Time heals everything. You will get over it in a few days so please be patient.
● Protect your private information.
In the event that a device has been stolen or lost, we encourage customers to protect their private information in the following ways:
1. To prevent access and use of the device, handsets should be locked with a pass code.
2. A mobile security application should be used for all smartphones. There're applications that have features for locating, locking, and clearing personal data from a lost or stolen cell phone.
3. Back-up! Back up your contacts, emails, photos, and videos that you would need or want if your phone went missing. Save them to a USB drive or cloud device, or to your computer. Better be safe than sorry afterwards.
Phone scams are increasing exponentially because following knowledge is not general knowledge, yet.
In olden days, the only thing we had to worry about with our wired phones is being wiretapped. Now with emergence of smartphones, there is so much more to worry about! There are so many ways your mobile device can be subjected to scams - like text, phone calls, emails, and so on. A large part of being a responsible citizen in today's digital world is being aware of what is true, and what is not. Even though cellular carriers, non-profit organizations like the BBB or Better Business Bureau, and law enforcement agencies are constantly monitoring for scams and then alerts customers when there're threats, it is still important that users of mobile devices be cautious. Here are our most important tips on protecting yourself from mobile scams:
● Never, ever, offer your personal information to an incoming caller.
This includes your full name, physical or email address, banking information, passwords, credit card number, and your Social Security number. It is highly unlikely that any legitimate business would initiate a call and ask for this private information. Ask for their number instead and tell them you're busy and will call them back afterwards. Then research in phone directory, Internet, and elsewhere to confirm that the number provided is indeed the familiar company you do business with, and the caller said they are calling from.
● Don't put too much trust in caller ID.
Today, spoofing scams have become all too common, and these scams make calls appear to come from a familiar or local number. They can make ANY name and number appear in your caller ID. Their calling software enables them to do that. If you're not expecting a call and/or you don't know the number you're seeing, our advice is to screen your calls by letting them go to voicemail. If no message is left, then don't call the number back, because the actual owner of the number is probably not the person who originated the phone call because they would have left a message if they had to say anything whatsoever. People at work do not have an option to be too shy to leave a message.
● Be wary of "urgent" messages about an account.
Should you receive an urgent call, voicemail, or text, about one of your accounts, check your account status by deferring to the phone number on your statement. If there's no past due bill, etc., you must raise your guard. Don't call the number provided by the caller or the number that is in the message. If you have suspicions and you're on a call, ask for a call back number, then before continuing the conversation, investigate further online, as suggested above.
● Learn the signs of telemarketing fraud.
By law, telemarketers are required to provide the following information:
A. They must identify the call as a sales call.
B. They must identify the name of the seller.
C. Before they make their sales-pitch, they must advise what they are selling.
If the above information is not offered, say "no thanks" and hang up. Keep in mind that legally, telemarketers are only allowed to make calls between 9 am and 9 pm, so calls received outside these hours are a red flag for telemarketing fraud.
● Use the national "Do Not Call" registry.
In order to avoid telemarketers and protect yourself from potential scammers, register your phone number with the National Do Not Call Registry. Do this by going to donotcall.gov. We're not 100% proponent of this method because anything online can be possibly hacked and misused but wanted you to be aware in case you feel comfortable doing that, and believe it may help after reading the assurances provided at that government website.
● Be careful when exposing your mobile phone number.
Limit exposure of your number: Consider your options before posting your mobile number on a public website. We know there's software available to attackers who collect mobile phone numbers from Internet, then target attacks using those numbers.
● Block unwelcome phone numbers.
Consider blocking unwanted phone numbers on your Android or iPhone if you continue receiving unwanted calls from a recurring phone number. Contact your phone manufacturer or visit Apple's App store to find an app that does that. Or read our blog post on how to block calls on Anroid phones.
● Never follow links in suspicious text messages or emails.
No matter how tempting, it is highly likely that these links will lead to a malicious website that when visited will automatically download malware or spyware to your phone.
● Don't open attachments from unknown sources.
It is very important that you don't open attachments that you're not expecting, or attachments that come from unknown sources: These attachments often contain harmful viruses that can cause a lot of damage.
● Report phone scam attempts to the FCC.
Do your part - Phone scams should be reported to the FCC because these scams can affect all types of phone lines, on any carrier. Be alert to new and changing threats, because scammers are constantly finding new ways to circumvent systems in place. If all of us that experience these reported them, it will make the job of law enforcement agencies much easier and it will help us all in the long run.
Got a new smartphone? Your phone security settings should be as follows.
Today, consumers are increasingly using their mobile phone for capabilities that were previously only available on PCs. Most mobile phone security is dependent on the user making cautious and intelligent choices. However, even the most careful user can fall victim to an attack on their mobile phone. You can reduce the likelihood or consequences of an attack by following best practices for mobile phone security from the United States Department of Homeland Security.
● Configure security on your device.
There's a password feature on your smartphone that locks the device until the correct password or pin has been entered. Make sure you enable this feature with a password that is reasonably complex. If available, enable encryption and remote wipe capabilities.
● Web accounts should be configured to use secure connections.
Certain website accounts can be configured to use secure, encrypted connections: Look for SSL or HTTPS in account options pages. Attackers can be deterred from eavesdropping on web sessions when this feature has been enabled. You will find that most popular social networking and mail sites include this option.
● Consider carefully information you store on your device.
Keep in mind that an attacker only needs time, sophistication and access to your device to obtain your private information. Is information you're entering easily understandable by anyone that reads it? Make it difficult to understand - For example, don't use the words "Bank of America login info"; or even "BoA". Use something like, "MNY" (for money) so it is not easily attributed to a particular bank.
● Disable interfaces not currently in use.
Interfaces like Wi-Fi, Infrared, and Bluetooth should be disabled when they are not in use. Vulnerabilities in software that use these interfaces can be exploited by attackers. They are constantly sniffing for these signals in public places and waiting to attack and access data in your phone for blackmailing your or for profit.
● Set your Bluetooth-enabled device to "non-discoverable".
A Bluetooth-enabled device becomes visible to other nearby devices when in discoverable mode, which could easily alert an infected device or attacker to target you. However, when your Bluetooth-enabled device is in non-discoverable mode, it becomes invisible to other un-authenticated devices (in theory, if phone & software is working properly without gaps or crack in the code). As stated before, it is best to turn it off completely.
● Avoid using public Wi-Fi hotspots and joining unknown Wi-Fi networks.
Those early days are long gone when security was never at the forefront when using smartphones. Now keep in mind that attackers are capable of creating phony Wi-Fi hotspots, designed specifically to attack mobile phones. They may also patrol public Wi-Fi networks seeking unsecured devices. It is also important to enable encryption on your Wi-Fi network at home.
● Prior to discarding a device, delete all stored information.
Look for information on how to securely delete data by checking the website of your device's manufacturer. There must be a "Factory Reset" option in your phone that wipes all information to put smart phone in original state when you purchased it. Before recycling or trading in your device, you can also ask your cell phone service provider to assist in securely wiping your device.
● Third party software should be used for encrypting on your PC.
If you intend encrypting phone data when it is backed up to your PC, make sure you use third-party services.
● Download mobile security apps.
There're applications available in app stores for remote wiping capabilities, anti-virus protection, and app assessment.
Children with Smartphones are a whole new ballgame for this generation - Know these facts to protect your child.
Today we're seeing children using wireless at very young ages, doing everything from staying in touch with friends and family, to using apps for entertainment, education, and safety. More than ever before, it is vitally important that parents educate themselves and talk to their children about staying safe.
● Educate yourself.
It is vitally important that parents become educated about the dangers of cyberspace. Adults are the best resource in protecting children from cyberspace threats, and are therefore the first line of defence. Be aware of how your kids are using their wireless devices. Ask what features and apps they are using on their phone. You can always ask a your cellular store representative to teach you how to better use your own device, if necessary.
● Make rules.
Setting rules for how and when your children can use their mobile phones teaches them to make better decisions for themselves. The rules regarding where your children can go on Internet, the information they are allowed to share, and who they are allowed to have contact with, should be very clear. Strongly discourage them from sharing personal information like their name, age, location, school, and so on; because, as we're learning to our dismay, information posted online is a lot more permanent (and public) than it may initially seem. Imagine being 50 years and seeing your post online from when you were 10 years old. There may be some regrets in use of judgement because names don't change. However, our age and good or bad judgement does. Therefore teach them to practice restraint online, so they do not have regrets later in life.
● Review their phone settings.
As an adult, it is up to you to review your child's smartphone settings and social profiles, making sure you're fully aware what information is being publicly shared. Keep in mind that most social networks have privacy controls, and that location settings can be turned off on all smartphones.
● Restrictions in phones allow parents to restrict access to harmful influences.
Restrict access to explicit music, restrict app downloads, and restrict TV and movies that are not age-appropriate. Using these features are the perfect way of reinforcing rules already set.
Parents should use the "Restrictions" menu on their child's iPhone to create a pass code on the device and set restrictions on the use of app downloads, Internet, camera, and more. Specific websites can be blocked, as can access to location information and apps that might not be age-appropriate.
To enable, go to Settings > General > Restrictions.
Resources available for iPhone restrictions include "Restrictions Setup Guide" and "Apple Support" Page.
"Family Sharing" can also be set up on iPhones, and this allows parents to either decline or approve downloads of free or paid applications on their child's iPhone. If you're part of a Family Sharing group, you will be able to locate lost devices as well as locating other members of your family.
To enable, go to Settings > iCloud > Family Sharing.
Resources available for iPhone Family Sharing include "Setting up Family Sharing" and "Apple Support" Page.
In the Google Play Store, parents should visit the "Parental Control" menu on their child's android device. From here, parents can create a pass code on the device and set restrictions on what content can be downloaded or purchased.
To enable, visit "Google Play Store" > Menu > Settings > Parental Controls.
Resources available for restrictions on Android devices include "Parental Control Setup Guide" and "Android Support" Page.
These safety features reinforce rules already set. Talk with your children and ensure they understand what is right and wrong, as well as what you're blocking, and why.
● Discuss these restrictions with your children.
Once your children know what you're blocking, and why, continue keeping the lines of communication open with them. They should understand they can come to you at any time if they see something inappropriate online.
● Remind your child to "Stop and Think".
Sharing is generally an instantaneous reaction, and it is very easy to get caught up in the moment. Keep reminding your child to "Stop and Think" before posting. Remind them that nothing should be shared that could embarrass or hurt themselves or others. It is vitally important they understand that once something is shared, whether someone else will forward it on, is completely out of their control.
With inconclusive evidence of health risk, if at all practical, we advise turning on "Airplane Mode" unless a call needs to be made by the child. This prevents emission of electromagnetic frequency radiation all day long to your child's growing body. There is no conclusive evidence how EMF radiation affects growing children in later years because that has not occurred yet in human history.
Wi-Fi hotspots in public places are very convenient, but they are often NOT safe!
Even though Wi-Fi hotspots in public places are very convenient, they are often not secure. You should be aware that connecting to a Wi-Fi network and sending information through mobile apps or websites means your information can potentially be accessed by someone else. The key to securing your personal information online is encryption. With encryption, the information you send over Internet is scrambled into a code, making it inaccessible to others.
With wireless networks, personal information should only be sent if it is encrypted, either by a secure Wi-Fi network or an encrypted website. A secure wireless network ensures that all information you send using that network is encrypted, whereas an encrypted website only protects the information that is sent to, and from that site. The following tips are offered to you from the Federal Trade Commission, to ensure the protection of your information when using public Wi-Fi:
● Only use websites you know are fully protected when logging in or sending personal information using a hotspot.
Look for HTTPS at the beginning of a web address to determine if a website is encrypted. (The "s" in HTTPS is for "secure"). Remember to look for https on each and every page you visit, and if you should suddenly realize that you're on an un-encrypted page, log out right away.
● There's no visible indicator (like https) for mobile apps.
It has been discovered that many mobile apps are not capable of encrypting information properly, so it is not a good idea to use certain types of mobile apps on unsecured Wi-Fi. Therefore, use your phone's data network or a secure wireless network if you plan on using a mobile app to conduct sensitive transactions like shopping with a credit card, filing your taxes, or accessing your bank account. If you must make a transaction using an unsecured wireless network, instead of using the company's mobile app, use the company's mobile website - this way you will be able to check for the https at the beginning of the web address.
● Make sure you log out when you have finished using an account.
Don't stay permanently signed in to accounts. Others using the computer after you will be able to access your accounts and you would risk loss of privacy or even identity theft.
● Make sure you use different passwords on different websites.
If you don't do this, someone who gains access to one of your accounts may be able to access ALL your accounts.
● Keep your security software and browser up-to-date.
Some web browsers warn users who try to download malicious programs or visit fraudulent websites. Keep your security software and browser up-to-date, and pay close attention to these warnings.
● Set Wi-Fi setting in your phone to OFF unless using it.
In addition to draining your battery faster because your phone will keep scanning for Wi-Fi connections available in your proximity, you risk loss of privacy because hackers nearby providing rogue unsecured networks can easily hack into your phone. Therefore, you may want to consider changing your mobile device's settings, stopping it from automatically connecting to nearby Wi-Fi. Now you will be in control of how and when your device uses public Wi-Fi. Then, once you have finished web browsing, ensure you have logged off all services you were signed into.
● Use a Virtual Private Network if you regularly use Wi-Fi hotspots.
Use a VPN if you regularly use Wi-Fi hotspots to access online accounts. Traffic between your computer and Internet is encrypted by VPNs, even on unsecured networks. Personal VPN accounts can be obtained from a VPN service provider. Some organizations even create VPNs for their employees to provide secure remote access. There are also VPN options for mobile devices, meaning that information you send through mobile apps can be encrypted.
● Use WPA2 encryption network if the business offering free Wi-Fi offers it.
Some Wi-Fi networks like WPA and WEP use encryption - However, you may not be protected from all hacking programs. The strongest is WPA2.
Keep Geotagging disabled until you need to use it, to keep your whereabouts private.
Smartphones have a feature known as Geotagging, which allows the user to include geographical location data on social media status updates, tweets, photos, and videos. When automatic Geotagging occurs on smartphones, it is either because the user has forgotten they enabled this option or because it is enabled by default on the device. As a result, when you take photos with your smartphone and post them online, you could well share more information than you intended about your location. That being said, Geotagging can be a useful and fun feature when you choose to tag photos showing where they were taken, or when you're interacting with certain family and friends.
● Protect Your Privacy.
Geotagging can potentially be misused. If you leave the GPS option on, keep in mind that, over time, others can watch your geotags and observe your routine movements, and determine where you live and work. Potentially, it could be very easy for predators to track your children, or for a burglary to occur when you're away from your home. You may not want to always publicly disclose your location, so why not take the precaution of turning the location off on your phone, thus protecting both your private information, and yourself?
To determine if an application uses your location, you need to review application permissions. If it asks for permission to use your location, you may want to consider disabling the location services for the app, or even not downloading it at all.
We strongly urge all parents to keep their children safe by checking the settings on their phones too.
How to Disable Geotagging.
● Apple Devices.
To disable Geotagging on Apple devices, go to Settings > Privacy > Location > Services. From this menu, with one tap you can choose which apps can use your location, or turn off all services that use the GPS by choosing "OFF" beside "Location Services".
● Android Devices.
To disable GPS for the camera application only, start the camera application, and from that menu select "Location" then "Off".
If you choose to completely disable GPS location finding for all applications, go to Menu > Settings > Location & Security. Next, uncheck "Use Wireless Networks" and/or "Use GPS Satellites". Done! Now only your service provider can know your general location (not specific) based on the cell tower your phone is using.