By Aleksandr Koniashev, Information Security Specialist, Protiviti Singapore
With the increasing use of mobile phones to shop online and to perform internet banking transactions, it is worthwhile remembering 8 things you can do to keep your mobile phone safe from cyberattackers.
Many applications require access to your mobile phone camera and photos before installation. Unless you trust the creator of the application, it is safer to avoid installing as your device will be vulnerable to external tampering and sensitive data theft. Ensure that permissions given match the purpose of the downloaded application. After the application is installed, you may or may not be able to change this permission.
If you receive an invitation to click on a URL to win a prize or holiday within the next 15 minutes, and that little voice in your head is telling you that it seems too good to be true, it probably is. Do not click any links even if it looks like it was sent from a friend, and do not be pressured to make quick and potentially unsafe decisions.
When restrictions imposed by the smartphone or electronic device manufacturer have been removed to allow the installation of unauthorised software (known as “jailbreak” for iOS, “rooting” for Android), it is possible for your device to be fully controlled externally. Your mobile device can be used for criminal activities, for cyber scams or attacks, without your knowledge.
When you connect to a hotel’s free WiFi network or to a public WiFi network in a restaurant or shopping mall, always check with the staff what the name of the official free WiFi network is. Cyber attackers sitting close by can introduce fake WiFi access points with the network name very close to legitimate one, like “C0ffeeshop” instead of “Coffeeshop”. Fake WiFi networks can ask you to provide personal information such as email addresses and passwords.
Some improperly developed or configured mobile applications can allow cyber attackers to tap on the same WiFi network to sniff and decode personal sensitive data accessed via your mobile device. Even if a secure HTTPS connection is used, some applications may not be sufficiently validated which can lead to your web traffic being intercepted by a cyber attacker, sitting between you and the application’s servers.
If you haven’t done it, set a phone lock. Sometimes cyber attackers do not need to steal your phone to install malicious applications. Three minutes of unattended access to your mobile device is more than enough time to transfer your private information to an external web drive.
When you leave your mobile phone to charge at public locations, your data can be transferred to another device without your knowledge. It is better to use a power bank than to hand over your mobile device to unknown people, even if they look friendly.
Installing an anti-malware application in your mobile device will enable you to remotely wipe your personal data from it in the event that it is stolen, once the device is switched on and online again.
Mobile devices offer us many conveniences, but it is important to remember that these are susceptible to cyberattacks. Taking the proper precautions will help to keep your personal information and data safe from cyber criminals.
To learn about Protiviti’s Cybersecurity services, click here.