Protecting Sensitive Data on Your Mobile Device

finjanmobile | Blog, Mobile Security

A 2015 survey of 2,000 office workers revealed that 73% of those polled had downloaded personal apps to tablets issued by their employers, while over 50% used their personal smartphones and devices to conduct company business.

With the lines now blurred between personal and corporate, the data stored and transmitted on mobile devices is often a mix of personally identifiable information (PII), financial data and account credentials (for both individuals and enterprises), and intellectual property at all levels. Fruitful pickings for the enterprising cyber-criminal.

So, how can you ensure that none of this valuable information falls into the wrong hands? In this article, we take a closer look at protecting sensitive data on your mobile device.

Secure Your Device Physically

At work and in unsecured public places, keep a hand or eye on your device at all times. If it’s out of your possession and you can’t see or otherwise locate it, then it’s out of your control – and quite possibly in someone else’s hands. So to reduce the risk of accidental damage, losing your device or having it stolen, you should either keep it on your person (in your hand, your pocket, your bag, etc.) or in a secure location.

The worst might happen, so it’s best to keep a record of information and documentation which identifies your device, such as your receipt of purchase, device serial number or PIN, MAC address, etc.

Control Access To Your Screen

Should your device fall into the wrong hands, the preferable outcome is that the most the thief gets out of it is a resellable brick. If you have effective access control measures in place, a would-be thief won’t be able to get beyond your password prompt or lock screen.

Of course, if you’re using a password or PIN it needs to be very difficult if not impossible to crack, so you’ll need to observe strong password protocols. That means a mix of letters, numbers, and symbols, preferably eight or more characters (for passwords – PINs are generally four digits) – and not the name of your dog, your son’s birthday, or any of those other old chestnuts.

Graphical lock screens are a fairly recent option, and there are plenty of really clever apps out there for controlling access to your screens using patterns you have to draw, “hot spots” you need to press on a picture, and so on. These have the general advantage of being easier to remember than a password or PIN. But you need to be careful using them in crowded areas where potential “shoulder surfers” could watch as you complete the picture – and grease patterns from your fingers can remain on the screen, revealing your secret design if you don’t wipe it off regularly.

Biometrics are yet another option for protecting sensitive data on your mobile device – and one that’s uniquely tied to you personally, so long as the software and its recognition algorithms are capable enough. Voice locks can be set to open your device when you speak a set phrase. If you have a fingerprint scanner, this can be configured as a screen lock (the caution about wiping off grease patterns applies here, too). And your “selfie” camera may be used in conjunction with facial recognition software to take your picture each time you want access to your device.

Use Protection

Vendors and device manufacturers are gradually learning their lesson about making malware protection and security controls available to mobile users. If your device comes with configurable security tools, then select options to give maximum protection from outside threats while governing the flow of data from your device.

Mobile anti-virus/anti-malware apps are now freely available, so install a good one and configure it for your use as well. Filters for spam, SMS, and the blocking of data access to specified applications are also available.

Make Your Data Unreadable to Intruders

Encryption (the scrambling of data so that it’s unreadable to anyone without a key to decode it) is a preferred option for protecting information as it’s moved from place to place, and even when it sits in storage on a device or folder. Tools already exist for the encryption of entire hard drives on notebook and laptop computers (remember, these are small and mobile devices too), and apps for encryption on smartphones and tablets may also be found on the approved app stores.

Limit Your Broadcast Capability

If you’re not advertising your presence and broadcasting your data to the world at large, then there’s a smaller population to worry about who might have malicious intentions towards you.

Cyber-criminals and spies with the proper tools can use Bluetooth technologies to eavesdrop on your communications and gain access to sensitive data on your device. So unless you absolutely have to use it (and until the moment you do), it’s a good idea to disable Bluetooth. The same goes for the “touch transfer” and “Hot Knot” technologies that can use near field communications to transfer data and credentials between two devices that touch or are in close proximity.

GPS can be a bit of a double-edged sword. On the one hand, if your device is lost or stolen, GPS tracking may help you or the authorities to locate it. On the other, GPS and other location-based services may be used by hackers to trace your movements for nefarious purposes. So it’s a bit of a balancing act as to when and if to disable these features.

Stay Alert On WiFi

Browsing sessions at WiFi hot spots often begin with users receiving alerts on their devices that the connection they are using is unsecured. Sadly, these are generally ignored, and mobile device users can easily fall victim to eavesdropping, to hackers hijacking or intercepting data transmissions, or to being spoofed into revealing confidential data via key loggers and other malware on a bogus hot spot disguised to look legitimate.

The old advice to use public WiFi only when you absolutely have to still applies. And if you do, connect via a virtual private network or VPN if possible. There are several really good ones available for mobile users.

Learn About Phishing

Mobile email, SMS, and instant messaging are all very convenient – but they’re also the stalking ground for cyber-criminals and fraudsters looking to hook unsuspecting targets into revealing credit card details, bank account numbers, passwords, and other information in response to that urgent warning from your credit union or that legitimate-looking threat of court action from the local power company.

These lures may be specifically designed to target you as someone working at a particular organization, or more general attempts to snare larger numbers of victims. If your company runs a security awareness training program, this is a good place to start studying up on the various gambits used, and your best tactics for avoiding them. And don’t click on those links.

Go Cautiously With the Downloads

Apps are great, and there are loads of clever ones out there. But the more applications you have installed on your device, the greater the potential that one or more of them will have a security vulnerability which cyber-criminals may exploit – or actually be full-blown malware. So try to resist the urge to install everything that appeals to you.

Downloads from sources other than the manufacturer-approved app stores are also a great risk. Many come pre-packaged with malicious code, spyware, or adware.

Don’t Jail-break Your Mobile Device

With restrictions on many devices imposed by the manufacturer prohibiting certain file and system operations and confining users to certain app stores, device owners often give in to the temptation to jail-break or root their hardware. This removes the shackles and allows them to delete pre-installed system apps that they don’t want, download apps from sites of their own choosing, and so on.

But rooted devices are more vulnerable to malware infiltration than those that aren’t jail-broken – and vital system updates may be missed as these devices may be blacklisted or overlooked by the manufacturer when network-wide patches and updates are issued.

Read the Fine Print

The permissions requested by apps before you install them may contain language that attempts to conceal the presence of spyware or adware. Similarly, the Terms and Conditions associated with opening an online account or subscription may indicate that your personal and transaction data will actually be shared with third parties – usually for targeted advertising purposes or market research, but less benevolent reasons may also exist.

If you don’t bother to read this stuff before you click that button to Install or Join Now, you may have a nasty surprise waiting somewhere down the line. You have been warned.
