Each week, Dear Gracie answers questions from ProfNet Connect readers with advice from our network of more than 44,000 ProfNet experts. Has there been a question burning in your mind lately, something you've been wondering that none of your friends can answer? Please send it to firstname.lastname@example.org
I use my smartphone for everything, and I'm worried that I'm leaving myself vulnerable to hackers and viruses. What can I do to keep my smartphone safe? Is it the same as keeping a desktop safe?
Vulnerable to Viruses
Dear Vulnerable to Viruses,
Here are tips from five IT experts found within the ProfNet Connect community:
As smartphone capabilities are increasing exponentially, hackers are targeting these devices due to their less rigorous security features, says Mike Meikle, CEO of the Hawthorne Group, a boutique management and technology consulting firm.
"A couple of years ago, the worst thing that happened if your phone was lost or stolen was an inflated bill. Today, your phone contains a whole host of information, and you don’t have to lose the device to lose control of it. A careless click or two is all it takes," says David Meltzer, vice president of engineering for nCircle, a network security and compliance auditing firm. That's why you should take the time to become familiar with the security features of your phone and get into the habit of using them, he says.
Setting up Securely
1. Backup: Backup the data on your smartphone on a regular basis, says Derek Meister, a Geek Squad agent for Best Buy. "Determine how and when you'll sync your phone, and stick to your plan," he says.
2. Set up a Passcode: "Make sure it's easy to remember, but hard to guess," Meister says. "Most importantly, make sure that your phone is set to lock automatically in a reasonable time, so that if you do lose it, it will lock before someone else can find it and start using it."
A password also makes it more difficult for spyware to be remotely or directly installed onto your phone, says Robert Siciliano, McAfee consultant and identity-theft expert. The threat to your digital content doesn't require you to lose your device, continues Chris Hopen, CEO of HomePipe, a company specializing in digital content access and file sharing for the mobile community. "Recent news about malware apps on Android and the growing availability of remote data extraction devices underscores the need to protect your digital content, no matter where, or on what device, you access it," he says.
Furthermore, set up a password for accessing email and other personal data, says Randy Gross, CIO of CompTIA, the Computing Technology Industry Association, a nonprofit IT business trade group. There are also a range of applications for protecting confidential data, like credit card numbers or login credentials. One example is mSecure, which has a robust self-destruct feature should someone try to hack into data on the phone, Gross adds.
Also, wipe off your touch screen once in a while, says Meikle. Hackers are now using "Smudge Attacks" to access locked phones by guessing users' passwords based on the smudge prints left on the screen.
3. Enable Wipe Features: As long as you're backing up your data, says Meister, don't fear the auto-wipe settings on your phone. Most phones have this feature, which automatically deletes your data if too many incorrect passwords have been entered. Consider remote-wipe features for your phone too, he adds.
"If your phone is behaving oddly or you have some other reason to suspect that it contains spyware, reinstall the operating system, says Siciliano. "Consult your user manual or call your carrier’s customer service for step-by-step help with this process," he says.
1. Take Care With Public WiFi: "Although free WiFi hotspots may be faster than your mobile connection, avoid visiting sites that use sensitive data, like banking or shopping sites, while you're connected. Someone with malicious intent could be on the same network, says Meister.
2. Investigate Your Apps: "If you don't know the reputation of the app developer, take time to investigate it before you give in to an impulsive purchase," says Meltzer. "Read through privacy or data warnings when installing or running an app, and check out reviews before installing," says Meister. Both Android and iPhone App stores are vulnerable to hackers uploading malicious applications, adds Meikle.
"Also, look for apps with an automatic sign-out feature, says Hopen. "Apps that keep you signed in even upon exit are storing your passwords, and leaving access to your digital content open," he says. "Apps with an automatic log-out feature ensure that your content is protected, no matter where, or in whose hands, your phone resides," he continues.
3. Avoid Modding or Jailbreaking: Altering your smartphone's stock operating system might let you enable or add different features, but it's easier to keep up with automatic security and feature updates without the system modifications, Meister advises.
4. Stream, Rather Download and Sync: "Choose a service that allows you to stream, rather than download and sync, content to your device," says Hopen. This is especially important for documents and files containing confidential or proprietary information. Because streamed content never actually resides on your device, it is protected from data extraction or theft resulting from a lost device, and remains safe within the fortress of your remote storage, he says.
5. Think Like a Desktop: Apply your years of desktop experience to smartphone security, says Meister. "Be wary of unknown email attachments and links to suspicious websites," he says. Be alert for phishing scam emails, which work the same way on your smartphone as they do on your desktop, he adds.
"Use the same caution clicking on URLs, especially shortened URLs, that you use on your laptop or desktop," Melzter continues.
6. Consider Physical Threats: "Losing a mobile device today isn't just a pricey hassle, it leaves user's data laid bare, and users themselves open to liability and identity theft," says Hopen. "Mobile devices that are lost or stolen are more of a problem right now than viruses and hacking," Gross confirms.
"Keep your phone with you," says Siciliano. "Don't let it out of your sight and don't share it." You can access your data online from anywhere, or locate your missing phone and plot the location on a map, he adds. "If it's lost or stolen, SIM cards and phone calls can help get it back for you." Also, notify your wireless service provider immediately, says Gross.
Image from MobilitySite.com