Securing your mobile device

Your device should have a variety of options to “secure the screen.” This means that to use your device, you have to unlock it with a strong password (use random characters including letters, numbers, and symbols), a finger swipe pattern, or biometrics (scanning your face or fingerprint).

Why? The biggest risk to your device is losing it and then having someone hack into it. Enabling automatic screen lock ensures that no one can access your device if lost or stolen.

• Apple Support: Use a passcode with your iPhone, iPad, or iPod touch (Source: support.apple.com)
• Android Help: Set screen lock on an Android device (Source: support.google.com)

Setting your screen to automatically lock after a period of inactivity (3-5 minutes) helps protect your device (and your personal info) from unauthorized access.

Check your device’s user manual or go to your internet provider’s (i.e. Verizon, US Cellular, AT&T, etc) website for more information.

Make sure you’re running the latest version of the operating system (OS) and apps. Updates often contain new security features and important patches to help keep your information secure.

Why? Hackers are constantly looking for new weaknesses in software, and vendors are constantly releasing updates and patches to fix them.

• iPhones: Apple releases an OS update directly to iPhone owners everywhere
• Androids: These devices are updated by the manufacturer. To check if an update is available: Open your device’s Settings app. Tap Security.

• Only install apps from trusted sources, like Google Play Store  (Source: plan.google.com) or Apple App Store  (Source: apple.com). Official app stores are more likely to screen for malicious, counterfeit, or otherwise shady apps and you are much more likely to be notified if you have downloaded a suspect app than if you use other download sites.
• Avoid installing unofficial versions of popular apps from unknown developers.
• Read the app reviews and make sure the “permissions granted” are necessary for the app to function. Many apps collect information about the user for marketing purposes, diagnostics, or as part of the service they provide. This could include everything from your contact list, photos, to your physical location. This information may be stored or distributed to third parties by the app developer, as well as stolen or intercepted by unauthorized users.

• Location tracking services are often used by apps to deliver personalized, location-based information, driving directions, traffic updates, or weather info.
• Leaving location tracking on may allow others to know where you are and your travel history.
• Location services can often be disabled entirely or allowed on an app by app basis. Consider disabling this service or limiting which apps can access the service.
• Doing so does not prevent your service provider or law enforcement from using your location information.
• For instructions on turning off location tracking, refer to your device’s user manual.

When you connect to free, unsecured Wifi networks, like those in an airport, a coffee shop, or a hotel, you could be unknowingly putting yourself at risk. Any site you visit (online purchases, mobile banking, etc) where you enter personal details or credit card info could be tracked by cyber criminals.

Always log out of financial or shopping sites after you view sensitive data or make a payment, and do not store passwords on your device. Consider using a password manager, like LastPass Enterprise (Source: it.wisc.edu).

• Use a Virtual Private Network (VPN) on public wireless — see how to install WiscVPN (Source: it.wisc.edu)
• WiscVPN provides another layer of security and protection, especially when you send sensitive information. VPN encrypts data while in transit, both through regular and wireless networks.

Bluejacking is a common attack where someone will use another person’s Bluetooth-enabled device to send spam. This can lead to phishing attempts and the spread of malware or viruses.

Mobile operating systems have programs to help you locate your phone if you lose it, or lock it, or erase the data if you think someone stole it. Go to settings to turn on this feature.

• Apple Support: Set up Find My on your iPhone, iPad, iPod touch, or Mac
• Android Help: Be ready to find a lost Android device

If you plan on selling or transferring your phone, you might consider taking it to your service provider or dealer to have it wiped and reset to factory defaults. Why? Because, in addition to SIM cards and removable memory, most devices have some amount of internal memory. Even if you believe you have deleted all of your personal information, photos, messages, and contacts, some information may still be stored on the device in locations you missed or are restricted by the manufacturer.

• Know how to report and mitigate a lost or compromised device – See: How to wipe your phone from O365 (Source: kb.wisc.edu)

Antivirus applications can help protect your phone from malicious attacks. They can help warn you if an application is not safe, track and block unknown callers who might be a threat and can erase your data if you lose your mobile device. In addition, antivirus applications can clear your browsing history and delete cookies. Cookies are small pieces of data that store your information. Your information could be exposed if someone malicious gets to them.

Check out these Security – Available Antivirus Software for Personally Owned Devices (Source: kb.wisc.edu). Please note that they are not supported by DoIT.

This refers to modifying or hacking your device to use features or install apps that are restricted by your service provider. Not only does this violate the terms of service of most device manufacturers, it potentially exposes your device to greater harm from malicious apps.

Many mobile devices have the ability to be synced and backed up to your personal computer, or even the cloud. Apple/iOS and Google/Android provide such service. Loss, damage, and even software updates can potentially cause you to lose all of your data. If you don’t have a back-up your important phone numbers, favorite photos and other data could be lost forever.

Some hackers have created malicious links and QR codes that can direct you to websites that could steal your personal information or install malware. Before scanning a QR code, check to make sure the company or product is real and reliable.