Overview
Smartphone security is an integral part of cyber hygiene. Mobile devices are essential to personal and professional communication, web browsing, data storage and financial transactions. Following these best practices can help protect personal data and prevent cybercrime.
Categories of Smartphone Threats
Web-based threats occur when people visit websites that seem legitimate but that are actually copies created by cybercriminals. From these sites, users can download malicious content onto their smartphones, or they are fooled into entering personal information on a fake form. These threats can be particularly damaging, as they can go unnoticed for long periods of time.
Physical threats occur when the device is lost or stolen. If your smartphone falls into the wrong hands and the device is not protected by a strong password, personal identification number (PIN) or other form of protection, a cybercriminal can easily access your accounts, photos, contacts, etc. Always use a strong passcode to protect your smartphone.
App-based threats occur when users download malicious apps or fail to check if it is safe to grant the app access to their device. Only download apps that have been vetted and accessed through a verified app store.
Network threats most commonly operate through unsecured free-to-use public Wi-Fi found at restaurants, airports and countless other public places. Some attackers will even set up a fake Wi-Fi network and name it after something users may recognize, tricking users into using the compromised network and gaining access to the user’s device and credentials.
General Smartphone Best Practices
- Keep smartphone software up to date. Enable automatic updates, if possible.
- Use long, complex passwords and passphrases to protect accounts. Lock devices with a hard-to-guess passcode to avoid unwanted access, and activate the auto-lock feature in the settings menu.
- Download verified apps only from trusted sources, and review app permissions before enabling all features.
- Use verified security apps and anti-virus software from trusted vendors.
- Consider enabling the “find my device” and remote wipe features on all mobile devices.
- Educate yourself on new cybersecurity trends and threats.
- Regularly back-up your data and use cloud backups when possible.
- Enable multifactor authentication.
Protect Personal Information
- Always use caution when sharing personal information (e.g., full name, address, phone number). Never share account passwords; banks or organizations will never request this information.
- Avoid using public Wi-Fi networks to access sensitive data.
- Always know where a device is to prevent theft, damage or unauthorized access.
- Consider disabling the geo-tagging feature under location settings to avoid passively sharing the device’s location with unknown third parties.
- Look for “https://” at the start of website URLs to verify that the site is secure.
- Be cautious when responding to unsolicited text messages or voicemails. Know the signs of phishing.
- Encrypt sensitive data when possible. This can be done through the device’s security settings.
Tips for Keeping Kids Safe on Smartphones
- Encourage children to be respectful and responsible when they are online. Set a good example as parents by practicing good cyber habits.
- Don’t stand for cyberbullying! Learn the warning signs and get involved if your child is a victim or a bully.
- Learn how to block numbers on a child’s smartphone. Encourage kids to ignore text messages or calls from people they don’t know.
- Teach kids to be smart about sharing personal information, including keeping their personal details and contact information private. Educate them on avoiding risky actions, such as sharing sensitive photos or texting while driving.
- Research and enable parental control options, features and restrictions for your kid’s smartphone, including restricting web access or content filtering.
- Consider developing set smartphone rules, such as when kids can be online and what they are allowed to access.
- Become familiar with social mapping. Through GPS, this feature allows a child’s phone to see locations of friends and contacts and allows parents to pinpoint their child’s location.
- Visit the Keeping Kids Safe Online webpage for more tips and tools for online safety.
FAQs
How do I know if a mobile app is safe?
Check the source. Only download apps from official app stores. Read user reviews, scrutinize the app’s requested permissions and research the developer.
What should I do if I lose my smartphone?
Prevention is key. Before a device is lost, enable the “find my device” or remote wipe settings. Always keep your device on your person, and never leave it unattended. If a device is lost, change your account passwords and keep a close eye on your financial statements. Consider contacting your provider, filing a police report and/or filing an insurance claim.
Do I need a password/passcode on my smartphone?
It is strongly encouraged to enable a password or passcode on your smartphone or other electronic device. This security feature keeps your personal information safe should an unauthorized user try to open it.
Is every internet connection safe?
No. Many public internet connections are vulnerable to manipulation by cybercriminals. For example, networks can be spoofed, misrepresenting themselves as official networks, in order to steal your personal data.
Is it safe to use banking apps on a smartphone?
If you follow best practices, including setting unique passwords, and only accessing the app on secure Wi-Fi networks in private, then banking apps are safe to use.
Additional Resources
Federal Communications Commission (FCC): Smartphone Security
Department of Homeland Security (DHS) CISA: Mobile Device Checklist
National Security Agency (NSA): Mobile Device Best Practices
Notre Dame University: Are your mobile devices protected?
Office of the Director of National Intelligence (DNI): Mobile Device Safety