Mobile Privacy: 7 Things You Need to Secure Your Mobile Device


by Michael Harris November 16, 2016

We live in a world where privacy is becoming extinct. Sure, you're safe to act and speak freely in your own home, but even just logging into the internet puts you on the global stage.

Everything you say, type, search, etc. is possible to trace back to your unique device address, and therefore you. Browsing anonymously no longer exists.

JP Morgan found this out the hard way in 2014 when hackers gained administrative privileges to several of their servers.

When a global financial institution dealing with sensitive information from millions of businesses, and even governments, gets hacked, it's time to worry about security.

Unique Identifiers Can Find You

On computers, your media access control (MAC) address or unique internet protocol (IP) address can be used to trace, log, and intercept your private data.

On mobile devices, there are several ways to track and identify you as the user and monitor your personal data.  The International Mobile Equipment Identity (IMEI) address is an electronic serial number (ESN) unique to your device.

Similarly, the mobile identification number (MIN) or mobile subscription identification number (MSIN) can be used to monitor your private communications.

Mobile Vulnerabilities

Apple has also had their hacking woes, specifically targeted at the iPhone.

The Pegasus hack worked by sending a text message containing a link. Anyone clicking on the link would grant hackers access to their texts messages, emails, phone camera, microphone and more. Scary, right?

With 90 million iPhone users in the U.S., it stands to reason mobile privacy is affecting more people than ever.

We're going to show you how to take control of your own mobile privacy and keep its information from prying eyes.

 

7 Things You Need to Secure Your Mobile Device

 

1. Choose a Secure Messaging Service

Anytime data (read: text messages) are sent, there's a chance for hackers to intercept them.

Standard messaging services like Apple's iMessage are actually very secure. They employ end-to-end encryption that creates "keys," which let users access data sent over a secure connection. 

Apple's iMessage works specifically by creating a private key and a public key. The private key is stored on Apple's servers, while the public key stays on your device.

When someone sends you a message, they receive a copy of your public key. When they respond to your message, it's encrypted into something only your private key can unlock.

However, iMessage isn't totally secure. Security experts have speculated that sophisticated entities could crack it with the proper financial backing.

This is why we highly recommend the Signal app from Open Whisper for governments, enterprises, or individuals that wish to keep secrets private.

We Recommend - Signal Messaging App

Signal App

Signal uses the same end-to-end encryption strategy as Apple, but with additional layers of security. The app is provided open source for community validation and most importantly, Signal allows for independent user verification.

This means that users can verify their identity with each other through a secure connection separate from the signal server. The verification is built in to prevent any unauthorized source from adding their "key" at the server side.

2. Choose a Secure Operating System

Hardware level encryption is your psychical line of defense against hackers.

Both Google's Android and Apple's iOS offer encryption of your actual device, and sophisticated technologies to verify your identity.

Some Android phones are now offering iris recognition, or eye scanners, to access your phone's information. Both Android and iOS also offer fingerprint recognition technology, in addition to standard passcodes.

Google and Apple offer large-scale distribution discounts for enterprise users. Choosing either company is wise when issuing company-wide mobile devices.

Remind employees to always set a passcode in addition to biometric protection. Use the longest character string passcodes possible, to ensure the phones are thoroughly secured at the physical level.

We Recommend - iOS

iOS download

OK, let's just say this is a personal preference and avoid all the security wonks battling it out for OS supremacy. It is our humble opinion that Apple inherently offers a more stable, secure, and sophisticated OS.

Sure, Google can implement a secure Android OS but with all the forks and platform variances who can be sure the version you have is safe? In contrast, only Apple is building their devices and OS so when things break we know who to blame and where to get the fix.

If you prefer Android, Windows, or some other OS that is fine, just be sure your OS is secure and keep it updated with the latest patches.

3. Be Wary of Open Wifi Connections

Public WiFi networks are convenient. We get that. But they're also a potential access point for hackers.

Data sent from your mobile device through public WiFi is easily intercepted. Hackers use something called packet sniffing to capture and read your data as it passes through the open access point.

This means everything from you Netflix password to your bank account information is at risk. Always stress the importance of avoiding public WiFi on work devices.

If you find yourself in a situation where you must use public WiFi, or you just can't avoid the convenience, be sure to protect your data. And that leads us into our next section.

4. Use a VPN

VPN stands for virtual private network. People use what amounts to a VPN every time they access a website that transmits sensitive information.

HTTPS, or the preceding letters in front of some web addresses, create a secure "tunnel" to send information from your computer to a website's server.

VPNs work in the same way, only on a larger scale. Traffic sent through your VPN browser is encrypted, sent to a VPN server, decrypted, and passed along to wherever you're trying to access online.

This encryption means hackers can't "sniff" your data on public WiFi. The server connection also means your geographic location is obscured.

Good VPNs cost money, but they're worth their weight in gold to let employees securely work outside the office.

We Recommend - PureVPN

As we have disclosed, public Wi-Fi hotspots are breeding grounds for hackers and identity thieves. PureVPN secures your Wi-Fi connection with 256-bit encryption to protect your data transmissions.

Most importantly they adhere to a Zero Log policy that means they never record your activities or what you do online. The PureVPN commitment to preserving your online privacy is second to none. This is why we wholly endorse PureVPN as the gold standard for mobile privacy.

No level of security is worthwhile if it slows down your efficiency or doesn't support your personal or work requirements. The PureVPN service is engineered to support every network protocol, optimized for modern broadband connections, and runs on over 500+ servers with a physical presence in 141 countries.

5. Click Links Wisely

Never click a link sent to you from a mysterious number. As we mentioned above, the Pegasus exploit allowed hackers full control of an iPhone through a simple link.

This advice goes for both email and text messages.

Often these links come from unknown numbers and disguise themselves as something of great importance. Others might look like links to popular websites, sent from a friend.

If you're unsure of a link's safety, don't click it. If you must know who sent it, text back the number. The phone numbers used in dangerous messages are usually spoofed, meaning the number is faked.

Your text either won't send, or some unsuspecting person will respond asking who you are. Either way, you'll know the message is unsafe.

6. Use a Password Manager

Passwords are vulnerable on any device. It doesn't matter what operating system you're running, or how secure your VPN is. 

Hackers that guess your online passwords gain access to all of your information. Luckily, this is easily prevented, and mobile devices have made it even easier.

1Password and LastPass are two excellent password managers that function as a virtual vault for all of your passwords. 

Both feature the ability to automatically fill in password fields across apps and websites. They also support biometric protection of your password vault.

Have employees use a password manager so they have no excuses not to use different randomized 16+ digit passwords across all their work accounts.

We Recommend - LastPass

lastpass

A solid password manager is indispensable for security and privacy. It must be easy-to-use, synchronize your passwords across devices, and be multiplatform compatible.

Apple has a robust, multiplatform solution of its own that includes synchronization: iCloud Keychain. So why use a paid solution? Apple doesn’t make iCloud Keychain available outside its own operating systems. iCloud Keychain also has no mechanism for sharing with other people - a serious limitation unless you're the last man on earth.

We recommend LastPass or 1password. The primary difference, without getting too technical is that LastPass syncs to the cloud and allows authentication with U2F security keys. Both encrypt their data at rest and the user keys are kept private.

Now that you have a mobile password manager you can finally implement 24 character strong passwords across all your accounts. :-) Just remember to secure them with an equally strong master password.

7. Keep Your Software Updated

This is the easiest tip on our entire list. Issue company-wide notices when a software update is released.

Updated operating systems contain patches that fix prior security flaws. Those incremental updates that don't visibly change anything are actually working in the background to block vulnerabilities.

Android and iOS both support wireless, over-the-air updates, so the excuses for not updating are non-existent. Set your phone to update while you sleep, and you'll be one step closer to complete security.

Technology is ever changing, and hackers are always working to stay ahead of mobile security features. It's imperative for companies and users to stay informed of the latest mobile privacy techniques to secure your mobile device. 

If you're looking for a mobile authentication solution, get in contact with us.




Michael Harris
Michael Harris

Author




Also in Mobile Security

Mobile Security: Explaining Fido U2F
Mobile Security: Explaining Fido U2F

by Michael Harris October 15, 2016

If you don't have a method to improve your mobile security and privacy, you need to get started. One way to begin - Fido U2F security keys. Here's why you need them to enhance your mobile security.

Read More

Ten Questions to Select the Best MDM for Your Enterprise
Ten Questions to Select the Best MDM for Your Enterprise

by Michael Harris October 10, 2016

With limitless choices of Mobile Device Management (MDM) systems available in the market, it is not an easy task to choose what’s best for your company.

Read More

Mobile Authentication 101: What it is, and Why You Need It
Mobile Authentication 101: What it is, and Why You Need It

by Michael Harris October 06, 2016

As we move towards using mobile for everything, protection is more important than ever. Here's how mobile authentication protects you and your business.

Read More