Talk to any Chief Information Security Officer and they’ll tell you that the weakest link in their organization is always the individual. Take smartphones for example. They’re designed with security in mind but that protection is compromised each and every day.

  • 70 million smartphones are lost each year, with only 7 percent recovered
  • Users are three times more likely to respond to a phishing attack on a smartphone than via email
  • Amazingly, 83% of all phishing attacks take place outside email – text messages rank very high.
  • Cyberattacks targeting smartphones have increased 50% from 2018 to 2019 and continue to rise
  • Most users (86%) believe their smartphones are safer to use than their PCs

In the security business, education is always the best policy, but organizations can and should do more when it comes to smartphones. IT organizations and employees would be “smart” to pay attention to the basics.

  1. Do implement a lock password. The stronger the better (and don’t use the default 4-digit code). Alternatively, use fingerprint and/or face recognition technology to gain entry quickly.
  2. Don’t jailbreak or root phones. If you don’t know what this is, then don’t worry about it (you’re not doing it); just don’t buy phones that are advertised as jailbroken (Apple) or rooted (Android).
  3. Do install software updates to phones shortly after they’re made available (unless you establish a policy for organizationally owned phones).
  4. Don’t install any application from anywhere other than the Apple App Store or Google Play. Installing apps from other sources is one of the main ways malware gets onto a phone, where it is used either to steal personal and/or financial information or to commit crimes against others from that phone.
  5. Do turn on “Find my Phone” (this lets you track the phone’s location, or lock or wipe it, if it’s been lost or stolen). If it’s a company phone, employees should know to report the loss immediately.
  6. Don’t respond to suspicious emails or text messages, and don’t click on links unless you asked for the information.
  7. Do use caution on open (no password needed) internet connections. Avoid accessing sensitive data (e.g. banking information, email). These connections are susceptible to “man in the middle” attacks that will steal credentials and/or data.
  8. Don’t use public charging stations. Some of these have been hijacked/modified just like some gas pump credit card readers. Once you plug your device into a modified “charger”, the hacker can download data.

In summary, smartphones have made our complex lives easier and are a wealth of knowledge and entertainment. But they have some of the same security flaws as a desktop or laptop and are easier theft targets because of their size. Additionally, hackers are now focusing specifically on smartphones via text messaging and social media apps.

So, set up security like you would on your desktop and use the same level of caution accessing data from your smartphone as you would accessing it from your PC.

Be safe. Be secure.

To help spread the word about cell phone security, we’ve prepared a poster for distribution throughout your organization.