Top 10 ways to secure your mobile phone   
       
   Posted September 21, 2016 by Wendy Zamora   
       
   Seems like everywhere you turn, there's news of another mobile security   
   breach. Just last month, vulnerabilities in iOS 9.3.5 were being exploited by   
   the notorious NSO Group, maker of surveillance software, to read text messages   
   and emails, record sounds, collect passwords, and even track the calls and   
   whereabouts of users. Apple released a security patch on August 25 in response.   
       
   Meanwhile, on the Android side, a Linux bug first introduced in Android 4.4   
   (and present in all future versions) left 1.4 billion users vulnerable to   
   hijacking attacks. The vulnerability allows attackers to terminate connections   
   and, if the connections aren't encrypted, inject malicious code or content   
   into users' communications. Representatives from Google say they are aware of   
   the vulnerability and are "taking the appropriate actions."   
       
   These hacks aren't happening in a vacuum. Mobile malware is a frontier ripe   
   for cybercriminal activity. According to a 2015 Pew Research Center Report,   
   nearly two-thirds of Americans own a smartphone, and roughly one in five of   
   those users conduct most of their online browsing using their phone instead of   
   a computer. The reality is that as more and more people use their phones to go   
   online, more cybercriminals will hear the call.   
       
   Mobile malware on the rise   
       
   "Mobile malware has been on the rise drastically in last couple of years,"   
   says Nathan Collier, Senior Malware Intelligence Analyst at Malwarebytes.   
   "Everything from backdoor malware that steals personal information to   
   ransomware that locks your phone until payment is made exists in the mobile   
   space. With millions of malware samples in the wild, there is no reason not to   
   be concerned."   
       
   In addition to an increased volume of people turning to their phones as the   
   primary means for going online, there's also an increase in using mobile   
   devices for storing and transmitting sensitive data. The 2015 Pew Research   
   Center Report also shows a full 57 percent of smartphone users doing their   
   online banking on their phones.   
       
   But online banking is just the tip of the iceberg. GPS programs can find your   
   location. Mobile apps often require that you allow them to access data stored   
   in your phone or on the cloud. You can receive digital boarding passes via   
   text message or verification codes for logging into sites, social media apps   
   publish photos and personal data, fitness and health apps track steps,   
   heartrate, and food intake-a cybercriminal can learn all there is to know   
   about their targets by breaching their cell phone.   
       
   Your phone may contain and transmit a larger volume of and more sensitive info   
   than your computers-but it's not always as protected.   
       
   Security issues with phones   
       
   A number of factors contribute to weak mobile phone security, but one of the   
   top concerns is that phones are much easier to be misplaced, lost, and stolen.   
   Mobile phones go with you everywhere, which means there's more potential for   
   leaving them behind. Once a criminal has physical control over your phone,   
   it's often not too difficult to gain control of its data.   
       
   A second huge concern for mobile phone security is the validity of third-party   
   apps. They aren't vetted by the major app stores iTunes and Google Play,   
   therefore they needn't pass a minimum standard for safety. Apple iPhone has   
   strict laws about apps: They can only be downloaded from iTunes, therefore   
   they're more secure. The downside is that users are restricted from going   
   outside the iTunes ecosystem, which is why people sometimes jailbreak their   
   phones. This is a dangerous measure, as it negates all security, not only for   
   apps, but also for operating systems.   
       
   Google's Android, however, allows for third-party apps to be downloaded.   
   "Android is highly customizable and open to innovation by its users," says   
   Collier. "Also, although Google highly recommends you only install from the   
   Google Play store, they allow you to take the risk into your own hands if you   
   really want to install elsewhere."   
       
   Another security risk with mobile phones is that users don't update their OSes   
   as often as computers. Updating phone software requires ample memory and   
   battery power, and users are often running low on both. Every time a software   
   update is delayed on a mobile phone, a cybercriminal has an opportunity to   
   exploit security vulnerabilities in the operating system.   
       
   Of course, mobile phones are also vulnerable to the same pitfalls that befall   
   desktops and laptops-mainly, users who don't practice safe surfing. Social   
   engineering in the form of social media scams and phishing can especially   
   ensnare mobile users who regularly check their email, Facebook, Twitter, and   
   other social networking sites. Phishing in the form of text messaging, or   
   smishing, has also become a popular attack vector, particularly for criminals   
   looking to cash in on the popularity of mobile banking.   
       
   Finally, all of these risks are compounded by the fact that technical security   
   measures are not commonplace in phones. While computers are often equipped   
   with firewalls, antivirus, and/or anti-malware software, mobile devices   
   typically have only their operating systems and the security of their apps to   
   protect them.   
       
   Ways to stay secure   
       
   So what does this mean for mobile phone users? It means that it's even more   
   important to stay vigilant about cybersecurity when using a mobile device.   
   Here are some ways you can protect yourself, your data, and your phone.   
       
       Lock your phone with a password or fingerprint detection. At the very   
   least, if you leave your phone on the counter at Starbucks or if it's stolen   
   out of your pocket, cybercriminals will have to get through that first gate.   
   Set the time on your password lock to be short as well-30 seconds or less   
   should cut it.   
       If it's not already the default on your phone, consider encrypting your   
   data. Doing so is especially useful for protecting sensitive data, whether   
   that's business emails or investing and banking apps.   
       Set up remote wipe. If your phone is lost or stolen, you'll be able to   
   wipe all of its data remotely (and therefore keep it out of the hands of   
   criminals). You can often also use remote wipe to find your phone's location.   
       Back up phone data. Consider connecting your device to its associated   
   cloud service in order to automatically back up data (and encrypt it).   
   However, if you don't trust the cloud, be sure you connect to a PC or Mac to   
   sync data regularly in order to preserve photos, videos, apps, and other files.   
       Avoid third-party apps. If you're on an iPhone, you don't have much of a   
   choice. However, for Android users, staying on Google Play and not allowing   
   apps from unknown sources keeps you relatively safe. If you do decide to use   
   third-party apps, research to be sure you're not getting a malicious one. Read   
   reviews, and if the app asks for access to too much personal data up front,   
   don't download it.   
       Avoid jailbreaking your iPhone or rooting your Android. While the   
   processes are different, the end result is bypassing what phone manufacturers   
   intended (including security protocols) and ultimately weakening the security   
   of your device.   
       Update operating systems often. When that pop-up reminder comes up, don't   
   ignore it. Charge your phone, clear out some space, and install the update   
   right away.   
       Be wary of social engineering scams. Cybercriminals love to spoof banking   
   apps, send phony texts meant to collect personal data, and email malicious   
   links and attachments. Just as you do on your computer, view any   
   communications from unknown sources with a careful eye. If it seems fishy, it   
   very likely is.   
       Use public wifi carefully. Yes, you don't want to use up all your data.   
   However, public wifi is inherently insecure, so try not to make transactions   
   or transmit sensitive data while using it. Consider using a VPN service to   
   encrypt data transmitted online.   
       Download anti-malware for your mobile device. If you do happen to download   
   a malicious app or open a malicious attachment, mobile anti-malware protection   
   can prevent the infection.   
       
   Chances are, you use your phone to do a lot of stuff online. You may even be   
   reading this article on it right now. For peace of mind, and to get a leg up   
   against a rising tide of mobile malware activity, don't just phone it in-be   
   proactive about your mobile security.   
       
       
   Regards,   
       
   Roger   
      
   --- DB 3.99 + W10 (1607)   
    * Origin: NCS BBS - Houma, LoUiSiAna (1:3828/7)