fbpx

Enhance Mobile Phone Security

Technology is becoming an essential part of people’s lives, helping facilitate their day-to-day activities. It has also become the arena for many malicious actors trying to inflict damage to their victims. This article will look at steps that a tech savvy person can take to improve their cellphone safety.

At the end of the article, you can also see a basic cheat-sheet for readers to increase their cyber security.

Cellphones

As of 2019, Android and Windows Operating systems have the highest market share throughout all platform at around 37% each (Source). Therefore, a majority of advice will be catered to these two groups. It is worth noting that some cellphone safety advice are cross-platform in nature.

Tips for Android Phones

  • Screen Lock – Screen lock is the security code used to open your android device. Most devices will offer the following options (from most secure to the least): Password>Pin>Pattern>Face Unlock>Slide>None. The lowest security level a person should aim for is the Pattern. In the near future, technological advances may lead the Facial & Biometric screen lock options to become the safer bet to some.
  • Find My Electronic – In case a device is lost, having the ‘Find my (phone/electronic/device)’ turned on can help you potentially remote control & locate the device.
  • Electronic Encryption – Newer Android devices (2018+) will have automatic electronic encryption added to their system. For those interest in encrypting their SD cards, open setting and search “Encrypt SD Card” then follow the guidelines provided in the device.
  • Manufacturer Specific Privacy – Device manufacturers often offer enhanced privacy settings for settings such as location, sending diagnostic data and receive marketing information. This option can be found in different places depending on the manufacturer of the device. Depending on your risk/security profile, you may want to have or remove them.
  • Google Privacy – Most android phone require the user to create a Google account. When entering a Google account, there is an option to run a “Privacy & Personalization” and “Take the Privacy Check-up” to ensure that Google considers the owner’s privacy needs.
  • Software Updates – Keeping Android software(s) updated can help ensure a safer device with the newest capabilities. Go to Setting>Software Updates and turn on ‘Auto download over Wi-Fi’, for users that do not expect to use Wi-Fi often, it is preferable to do manual updates once every month or so. Updates should also be made in the Google Play Store>My apps & games.
  • Antivirus – Antiviruses have been used for decades to create an extra layer of protection against entities looking to gain access to electronics. Although some believe that the antivirus itself can become a conduit to accessing someone’s systems, others prefer some of the benefits that can come from using it. To help determine what tool to use, I often recommend clients to use Av-Test to see the options that have been tested for protection, usability and performance. Out of the top performers, a decision can be made on pricing (free options are available, but with less protection), supplier diversity, corporate discounting, etc. Tests are often made for home and business users of Android, MacOS and Windows.
    • As of 2019, Google Play Protect has a low protection score, which means that some may prefer to have another Mobile Antivirus solution to support their needs.
  • Google Account 2FA – 2FA or two-factor authentication is an extra layer of security that can be implemented to protect you Google Account. For those interested in learning more about the tool and why it matters, visit Google’s 2-Step verification page.

Telephone/Text

Telephone and texts are often used as a conduit for fraudulent activities looking to extract data or resources from their victims. This session will look at some of the types of scams & steps that can be taken to limit its risk.

Robocalls – Automated phone calls looking to exploit a need or belief the user has for the benefit of the malicious actor. It often attempts to offer better interest rates on your loans/credit cards or anything that could be of interest to you. If a user responds in some form to the occurrence, it can either lead to loss of money, time or be utilized for future engagements.

Types of Fraud

List of frauds provided by Wikpedia

Business – Attempts to illegally use business related functions such as billing, telemarketing, employment, tech support and others to get the victim to provide information that will financially or otherwise benefit the perpetrator at the detriment of the victim.

FinancialUses/poses as banks, credit cards, insurance, mortgage, tax and many others to defraud the victim for financial gains. If a real financially related entity reaches out to you, it is extremely unlikely that they will request for personal information to validate a claim/request.

GovernmentUses the name of government entities such as the FBI, revenue agencies and others to extract valuable information from the victims that can be used for financial gains. Most government entities will use sealed mail or agreed with methods to contact the relevant party regarding an issue. It will most often, never ask you to provide personal information to resolve the matter. If you are in doubt, reach out to the entities website and contact someone you trust for counsel.

Examples

The ‘Nigerian Prince’ scam – Is a scam that looks to get up-front money in exchange for future riches. Although the ‘Nigerian Prince’ example is well-known, this type of scam comes in variety of forms. The best course of action is to not respond to the request and close the call or delete the text.

The ‘Captured/imprisoned Family Member’ scam – A family member has been captured for ransom or has been imprisoned and now needs bailout money. At least that is the narrative the malicious actors aims to portray as it looks to abuse a sense of urgency and care to lead its victims into being defrauded. Most often, the best course of action is to gain knowledge of the circumstances the victim is meant to be in, ask questions that, in theory, only you and the captured/imprisoned victim would know. Then you should end the call and reach out to the individual via cellphone/e-mail and to closer relatives that may have a better insight on what is happening to that person’s life. This, alongside cross-checking the information provided by the assailants should help you determine whether to take further steps or not.

Technology Cheat-Sheet

In General:

  • Reach out to a family member or trusted advisor if something looks off. Their feedback can help you make an informed decision.
  • Always double check the sources before providing personal or company information.
  • Do not visit, click, download or install anything from an untrusted sources.
  • Scammers will often create a sense of urgency to get you to act before thinking. Always remember that!
  • Do not provide personal/corporate/financial information when an entity requests it unless you are 110% certain of the validity of the request.
  • Be mindful that scammers will use legit entities to try to get to you.
  • [Stay Safe from Phishing & Scams] video by Google
  • Remember to password protect anything of value. Always use a different password.
  • Always keep an eye for unsuspected shoulder surfing.
  • Do not leave your electronic without supervision. If that is not an option, always physically and digitally lock it.
  • Do not click on “You have a virus”, “Free money” pop-ups.
  • Always have a backup (digital or otherwise) for important data.
  • Keep your device up-to-date to ensure the highest security and quality of service.

We would love to hear from you!

Do you have any questions or would like to contribute to the discussion? Leave a comment!

Receive a monthly newsletter with updates, insights and solutions from GPetrium!