15 October 2020
In the second of four articles for Cybersecurity Awareness Month (October), FTI Cybersecurity presents essential best practices for securing your mobile device at home and on the job.
Most of us consider the minicomputer we carry in our pockets to be a direct line for managing various parts of our personal and professional lives. We chat, text, check the S&P 500 and sports scores, email the boss, snap selfies, and navigate unfamiliar cities on our business trips.
Cyber criminals look at our smartphones — and by extension us — through a different lens. They see a veritable treasure chest of data and information for the taking and owners who may be too busy or preoccupied to keep their devices secure. The good news is that we can tighten the security around our smartphones with 10 simple low-tech actions that will protect our information and data whether at home, work or out and about.
1. Update regularly
This applies not only to your mobile device operating system (OS), but to your apps. Attackers will often target known vulnerabilities that appear in older versions of software. By consistently updating the OS and your apps,* you can reduce your risk with the simple click of a button.
2. Turn on multifactor authentication (MFA)
Not every website, app or service offers it, but for those that do, MFA adds an extra level of security. Most MFAs work by automatically sending a numeric code to your phone via SMS or push notification through an app when you log into a password-protected account, but avoid using SMS (text)-based MFA if possible. Cyber criminals and other nefarious actors often target wireless provider accounts to obtain access to your SMS messages. Use a dedicated MFA app like Duo or Google Authenticator when possible, including for personal apps, even if you already have one installed for corporate apps.
3. Be wary of unsolicited calls/text messages
The creativity and complexity of attacks tends to run one step ahead of security, so you should give additional scrutiny to any calls or messages that ask you to perform an unusual action or provide excessive information. Rule of thumb: You’ll never be asked out of the blue to provide a social security number or password by a legitimate organization.
