Written by Adeola Fatoke, Adewale RajI, Martha Apeh, Nurudeen Odeshina and Ridwan Oloyede.
According to the GSMA, The Mobile Economy Report 2023, by the end of 2022, over 5.4 billion people globally would have subscribed to a mobile service, including 4.4 billion who also used the mobile internet. With the growing number of mobile devices being used for personal and business purposes, mobile security has become a very important concern for people and organisations, especially those that allow mobile devices to access the company’s resources, including emails, chats, and other productivity and collaboration applications. Many factors contribute to mobile device risks, such as the sensitivity of the data stored on the mobile device, the security of the underlying mobile operating systems, the download and use of third-party apps, and connections to insecure networks, among others. This is why it is important to put up appropriate safeguards.
Some of the best approaches to securing personal data on mobile devices are:
Access and Authentication
A strong password, passcode, pattern, or mobile biometric authentication (facial, voice, and fingerprint) is one of the most effective security methods for a mobile device. Biometric authentication is recommended, given that these are unique to the owner of the mobile device. Password managers enable the use and safety of strong passwords. It is also best practice to set mobile devices to lock automatically when not in use. In addition to this, controlling what features and personal data are available without unlocking your mobile is very important. Multi-factor authentication should also be set up for access to apps, including those that process personal data.
Apps and Operating System
It is recommended to download mobile apps directly from trusted app stores (iOS apps on the App Store and Android apps on Google Play) or mobile device manufacturers’ stores. Apps from these stores are typically screened for malware and other potentially harmful mobile activities. However, it is not uncommon for apps to be installed from other sources or on jail-broken mobile devices. These are often untrusted and are potential gateways for viruses, malware, etc.
Additionally, mobile devices should be updated whenever updates to the underlying mobile operating system and apps are released. It is advisable to turn on automatic updates for mobile devices to benefit from new functionality, bug fixes, and enhanced security. For organisations, having a patch management policy in place helps ensure the proper installation of updates.
The major mobile operating systems (iOS and Android) recently released privacy details for apps to promote transparency and help users better understand how apps interact with their personal data. The details provided for each app help understand privacy, security practices, behaviours and how apps interact with your data i.e. what data is collected by the app and how it is used, transferred, stored etc. These types of data include; personal information, health information, financial information, location, browsing history, purchase history and app privileges (such as read and write access, access to contacts, messages, camera etc. This provided a basis for mobile device users to understand how their personal data is being processed by mobile device manufacturers and app developers.
Most mobile apps would prompt users to grant permissions for accessing data and features on their mobile devices. Apps may request access to contacts, call logs, location, or even mobile device storage when they lack features that require such permissions. It is best to note which permissions the app requests and deny anything that seems strange or unnecessary for the app to work.
Use Anti-Malware Software
In contrast to the popular myth that mobile devices are immune to malware and other threats, the 2022 Global Mobile Threat Report by Zimperium reported over 2 million new mobile malware samples detected in the wild in 2021. Mobile devices are equally susceptible to malware, vulnerability exploitation, and other threats as computers. Also, since mobile devices (phones and tablets) are used for important daily tasks, such as payments, messaging, and browsing involving finance and personal information, using secure software will help adequately protect the devices. These secure mobile applications include bundled or unbundled mobile antivirus /antimalware software, browser security, a mobile Virtual Private Network (VPN), identity protection, and a password manager.
Public Wi-Fi and VPN
It is recommended to avoid connecting to unknown or unsecured public Wi-Fi networks. Where it is absolutely necessary, make sure the connection is to the correct Wi-Fi when working from coffee shops, co-working space etc. It is quite possible for criminals to set up malicious hotspots or Wi-FI which enables them to view, intercept, and capture internet traffic, connections, and any confidential information. Use a known Virtual Private Network (VPN) as it preserves confidentiality by encrypting all information transmitted to and from mobile devices. Stay clear of free VPNs, as this is similar to the malicious Wi-Fi or hotspots earlier mentioned. Also, remember to “forget the network” when done to prevent automatically connecting to the Wi-Fi when next you are nearby.
Remote Lock and Data Wipe
A proactive approach to managing the theft of mobile devices is to enable tracking to help find your device when it is lost or stolen. Some mobile devices also include features for instant notification alerts on other connected devices, such as smartwatches, when you leave your mobile device behind. Setting up the remote lock and data wipe features is helpful if a mobile device has been confirmed stolen or lost. The owner can either remotely lock the device or permanently remove stored confidential data. Prior to this, backups should be carried out periodically using any of the wide-range of cloud backup options available.
Partition your Data
Where one mobile device is used for both personal and business purposes. To increase the security of both business and personal information on such devices, it is best to partition the data on the device. Most organisations offer such flexibility as part of implementing ‘Bring Your Own Device’ (BYOD). While one partition within the mobile device is managed by the company, the other is reserved for personal use. Such separation eases the processing or retrieval of organisational data from the device, and it will also prevent incidents of permanently deleting important personal information upon termination from the organisation when a data wipe is implemented.
Attacks on mobile devices have continued to increase as more sophisticated approaches are being used to carry out such attacks. These are some simple yet effective practices that secure mobile devices from attacks. It is essential to adopt them both for personal and business use.
Mobile Device Encryption
Most recent and middle range mobile devices come with the capability to encrypt data saved locally on the devices. Encryption transforms data stored on the mobile device into a form unreadable to an intruder, thereby protecting your private and sensitive information when it gets into the wrong hands. Enabling this feature means that all the data contained on a device is protected from unauthorised access. It would prevent anyone from accessing your data if your phone was lost or stolen and protected with the encryption PIN or password.
Bluetooth and NFC
Short distance wireless communication technologies such as Bluetooth and NFC can be used for transfer of information from a mobile device. Malicious criminals can also use it as a channel to access your device's data and information. It is recommended to turn off Bluetooth when it is not in use. This also applies to other features, such as geo- location services such as GPS.
Contact us at Tech Hive Advisory if you have any questions or need assistance setting up these features.