Mobile Device Security Tips
The Risks of a Public Wi-fi
The same features that make free Wi-Fi hotspots desirable for consumers make them desirable for hackers; namely, that it requires no authentication to establish a network connection. This creates an amazing opportunity for the hacker to get unfettered access to unsecured devices on the same network.
The biggest threat to free Wi-Fi security is the ability for the hacker to position himself between you and the connection point. So instead of talking directly with the hotspot, you're sending your information to the hacker, who then relays it on.
While working in this setup, the hacker has access to every piece of information you're sending out on the Internet:important emails, credit card information and even security credentials to your business network. Once the hacker has that information, he can — at his leisure— access your systems as if he were you.
Hackers can also use an unsecured Wi-Fi connection to distribute malware. If you allow file-sharing across a network,the hacker can easily plant infected software on your device. Some ingenious hackers have even managed to hack the connection point itself, causing a pop-up window to appear during the connection process offering an upgrade to a piece of popular software. Clicking the window installs the malware.
As mobile Wi-Fi becomes increasingly common, you can expect Internet security issues and public Wi-Fi risks to grow over time. But this doesn't mean you have to stay away from free Wi-Fi and tether yourself to a desk again. The vast majority of hackers are simply going after easy targets, and taking a few precautions should keep your information safe.
Use a VPN
A virtual private network (VPN)connection is a must when connecting to your business through an unsecured connection, like a Wi-Fi hotspot. Even if a hacker manages to position himself in the middle of your connection, the data here will be strongly encrypted. Since most hackers are after an easy target, they'll likely discard stolen information rather than put it through a lengthy decryption process.
Use SSL Connections
You aren't likely to have a VPN available for general Internet browsing, but you can still add a layer of encryption to your communication. Enable the "Always Use HTTPS"option on websites that you visit frequently, or that require you to enter some kind of credentials. Remember that hackers understand how people reuse passwords, so your username and password for some random forum may be the same as it is for your bank or corporate network, and sending these credentials in an unencrypted manner could open the door to a smart hacker. Most websites that require an account or credentials have the "HTTPS" option somewhere in their settings.
Turn Off Sharing
When connecting to the Internet at a public place, you're unlikely to want to share anything. You can turn off sharing from the system preferences or Control Panel, depending on your OS, or let Windows turn it off for you by choosing the "Public" option the first time you connect to a new, unsecured network.
Keep Wi-Fi Off When You Don't Need It
Even if you haven't actively connected to a network, the Wi-Fi hardware in your device is still transmitting data between any network within range. There are security measures in place to prevent this minor communication from compromising you, but not all wireless routers are the same, and hackers can be a pretty smart bunch. If you're just using your device to work on a Word or Excel document, keep your Wi-Fi off. As a bonus, you'll also experience a much longer battery life.
Even individuals who take all the possible public Wi-Fi security precautions are going to run across issues from
Even individuals who take all the possible public Wi-Fi security precautions are going to run across issues from time to time. It's just a fact of life in this interconnected age. That's why it's imperative to keep a robust Internet security solution installed and running on your machine. These solutions can constantly run a malware scan on your files, and will always scan new files as they are downloaded. The top consumer security software will also offer business protection solutions, so you can protect yourself while you're out and about, and your servers back at the office, all at the same time.
Throughout any business traveler's life, there's going to come a time when an unsecured, free, public Wi-Fi hotspot is the only connection available, and your work simply has to get done right then. Understanding public Wi-Fi risks will ensure your important business data doesn't become just another hacking statistic.
Keep your device up to date
We strongly recommend that you update your operating system on a regular basis with the latest security patches, updates, and drivers. This will ensure that your device is up-to-date and will help keep it free from viruses and other security threats.
The number of mobile device security incidents related to malware and viruses and the resulting cost of business disruption and service restoration continue to escalate. Implementing anti-malware and antivirus systems, blocking unnecessary access to networks and computers,improving user security awareness, and early detection and mitigation of security incidents are best practice actions that must be taken to reduce risks. There are a number of free utilities for all Operating Systems and Devices found on the App Store/Google play store for their respective devices.
Smishing (SMS/text Based Phishing)
While the name of this growing threat might sound funny, being a victim of it is no joke.
Similar to a "phishing" scam - where computer users receive an authentic looking email that appears to be from their bank, Internet Service Provider (ISP), favorite store, or other organization - "smishing" messages are sent to you via SMS (text message) on your mobile phone.
What does the sender want? To defraud you.
"Criminals like smishing because users tend to trust text messages, as opposed to email, of which many people are more suspicious, due to phishing attacks."
So, what does it look like?
Cyber criminals are trying to lure you into providing account information — such as a login name, password or credit card info — by tapping on a link that takes you to a web site. Here they can get enough info to steal your identity. Or you might be asked to answer questions via text message or advised to call a phone number.
In some cases, you’ll receive a text message with a sense of urgency:
• Dear customer, (Bank Name) needs you to verify your PIN number immediately to confirm you’re the proper account holder. Some accounts have been breached. We urgently ask you to protect yourself by confirming your info here.
Sometimes, scammers try to capitalize on something timely, like tax filing season:
• “IRS Notice: Tax Return File Overdue! Click here to enter your information to prevent being prosecuted.”
Or, perhaps, it will come in the form of a more personal note:
• Beautiful weekend coming up. Wanna go out? Sophie gave me your number. Check out my profile here:[URL]
Or, you might fall for a smishing scam if you think you can win something:
• Your entry last month has WON. Congratulations! Go to [URL] and enter your winning code – 1122– to claim your $1,000 Best Buy gift card!
What can you do about it?
You can fight “smishing” in a few ways:
* If you get a suspicious looking text(or email) on your phone and it asks you to urgently confirm information, it's not coming from a legitimate institution. Therefore, don't reply and don't tap on the link in the message. Simply delete it. Your bank, financial institution, ISP or favorite online retailer will never ask for sensitive info this way.When in doubt, contact the company yourself. Even though you might be tempted to hit Reply and tell them to leave you alone, you’re only confirming your phone number is valid, which might invite even more scams.
* Anti-malware (“malicious software”)software exists for mobile devices, many of which can detect and stop a smishing attempt. This serves as an extra line of defense from these malicious types, but you must still exercise common sense.
* Providers of software to help combat smishing and other threats are readily available and have features such as remote lock and siren, GPS localization, and tablet support, while offering Premium versions that add SMS and call filters, remote wiping, anti-phishing, photo snapshots (of someone trying to log into your device), and more.
* Look for suspicious charges on your monthly phone bill. Even if you never responded to one of these texts, it doesn't hurt to look at your itemized charges to see if there's anything that looks off. If it does, contact your phone provider right away to dispute the charges. Don't worry, they've heard it all before. Resist entering contests that ask you to provide your mobile number, as you’re setting yourself up for these kinds of scams. Similarly, don’t post your mobile phone number on social media or other public forums.
* When mobile shopping, stick with reputable retailers. When giving out financial information, like your credit card, always be sure to look for indicators that the site is secure, such as a little lock icon on the browser's status bar or a URL for a website that begins“https:” (the “s” stands for “secure”). On a related note, never tap on a link to a retailer to shop online -- just in case it's a scam. Instead, manually type in the store's URL (e.g. amazon.com) or use the store’s official app.