CSAM Week 2 - Is Your Mobile Phone Safe?

Posted:

Campus:

Dryden
Greenstone (Longlac)
Lake of the Woods (Kenora)
...

The focus of week 2 of Cyber Security Awareness month is smartphones.  These devices are a key source for pretty much everything. We’re more connected to our smartphones now than ever before because they can help us out in almost any situation. Whether it’s catching a ride, connecting with your friends and family, ordering groceries or just looking at memes, your phone is there for you through it all. Your phone also contains lots of personal information, such as your photos and text message history.  

Canadians love their devices:  88% of us own a smartphone, and 45% check their phone at least every 30 minutes.

Unfortunately, this reliance combined with the personal information stored on phones, makes them prime targets for cyber criminals. That’s why it’s important to learn how to keep them safe.

Common threats against your mobile device

Cyber security threats on your phone can be subtle. That means that we don’t necessarily know where we’re vulnerable, which leaves us even more exposed to attacks that can cost us our money, identities or time.

Phishing

One of the most common threats is phishing – fraudulent emails, texts, social media messages, and even phone calls.

These messages often ask you to log in somewhere, verify an account with information only you know, or threaten you. They might even try to convince you to download malware. Cyber criminals will say anything to convince you that they are a legitimate company or person to get you to release your personal data to them or to download their malware.

Malicious Apps

Apps may appear innocent, fun, or useful, but in fact can demand access to an excessive number of permissions on your device.  More permission means more access to personal information that you’d rather not give away.

These malicious apps are often fake apps, but may look and even function like regular apps. The reality is that they can pose a number of cyber security risks – from corrupting your phone with malware to stealing your personal information.

Unsecured Wi-Fi

Another subtle tactic that cyber criminals use in targeting victims’ smartphones is tricking people into connecting to dangerous Wi-Fi networks.

The public Wi-Fi at your local café may seem easy to use and helpful,, but beware: criminals will often create fake networks that appear legitimate on your Wi-Fi list. In reality, though, these are traps designed to steal your personal data.

How to protect your smartphone

Use MFA

Multi-factor authentication is the practice of using multiple ways of verifying you are you, and that you are the person linked to the account or device you want to use. Multi-factor authentication works by using a password, pattern, or facial recognition at the same time.

This makes it more difficult for cyber criminals to access the information on your device if it gets lost or stolen.

If you can, set up multi factor authentication on your smartphone. Start with a strong passcode, passphrase, or pattern that only you know, and combine it with either facial recognition or a thumb print.

Enable a lock screen and password

Enabling a lock screen and password on your phone is one of the best ways of keeping your phone secure should it fall into the wrong hands. This means that, anytime you try to access your phone, you’ll need to enter a pin (or do something similar like scan your face or fingerprint) to access it.

Another advantage to this feature is it allows you to enable your phone to lock automatically after a certain point. If you leave your phone on (say at a table at a coffee shop) cyber criminals won’t be able to easily access it – it will just lock automatically.

It’s also important to be vigilant when using your phone in public places. Never leave your phone unattended. Cyber criminals could easily access it to gain whatever information they need about you.

Be wary of suspicious messages or phone calls

Never give up your personal information or log-in data if an email, text message or phone call seems suspicious, especially if you weren’t expecting to receive them.

Cyber criminals can try to trick you into giving up personal information by pretending to be a representative from an organization or government agency, such as your bank or the Canada Revenue Agency. If you’re not sure whether the message or phone call is real, you should hang up, and contact the company or government department through the contact details on their website. This way you are in control and can use the correct email or phone numbers to verify whether or not the inquiry is real. Don’t forget that the CRA and other government agencies will never threaten you or use aggressive language when contacting you.

Because our phones are connected to the internet and linked to our email accounts, we can receive phone calls, emails, and text messages at any hour of the day, no matter where we are. We might be distracted or tired or busy when we receive these calls or messages. We need to be vigilant about double-checking messages and thinking twice about requests for personal information to avoid falling for phishing scams.

That makes it extra important to recognize what a phishing message might look or sound like.

Look for signs of phishing messages, like spelling mistakes, pixelated logos, and suspicious email addresses.

Read the list of permissions before downloading apps

Time to get the app everyone is using? When you install a new app on your phone, you may be prompted with a permission request. By clicking “OK”, you consent to your phone sharing certain types of information with that app, or you‘re saying it’s OK for the app to access things like your location, camera, or microphone. For some phones, you may need to check your settings to verify permissions.

When you download new apps, you might overlook the fine print like the terms and conditions or privacy statements for the app. They are important to pay attention to, because this is where the app lets you know what it will do with your information. You could be sharing data that you don’t want to part with. Always look closely at what permissions an app will need before you install it. If the permissions seem invasive or confusing, or don’t make sense for what the app is supposed to do, either don’t download the app or delete it if you’ve already done so.

Don’t be fooled by public Wi-Fi

No matter how appealing it is to connect to free Wi-Fi, make sure you’re accessing a network that is secured, verified and doesn’t demand any personal information for you to join. Cyber criminals can create networks that look harmless but are actually malicious. Sometimes they will create a fake network that uses the same name as the one you want to join in order to trick you.

When in doubt, ask an employee which network to use so that you can ensure you aren’t putting yourself at risk of network spoofing.
Better yet, you can use a VPN any time you connect to public a network to ensure your data is secure. (Just know that malware can still get through a VPN.)

In Summary

Our smartphones are incredibly useful devices that never leave our sides. They’re one of our most dependable sidekicks and have undoubtedly earned their spot as our BFF.  They help keep us connected with the world around us. Unfortunately, this kind of connection leaves our phones at high risk for hackers who see an opportunity in the amount of time we spend with them and the personal information they contain.

By staying vigilant and educating yourself about smartphone security risks, you can keep your device safe from cyber attacks.

Share