Common sense and 10 other recommendations to protect your mobile

Update your phone, make backups, set up two-factor authentication, check app permissions, and follow these recommendations to protect your mobile

A few weeks ago, we discussed the principal risks of mobile applications today, according to the OWASP foundation, as well as how to prevent and detect vulnerabilities affecting these applications. However, the security of mobile devices is not only a matter for developers and cybersecurity professionals who audit mobile applications; it is based on three pillars.

Firstly, the device’s operating system. Secondly, the secure development of applications so that they are not vulnerable. Finally, good security practices on the part of users. Because yes, protecting your mobile is also in your hands.

Common sense

Throughout life, we learn what common sense is. It is a worldview, a way of thinking and doing things that assists us in all our decisions, from the most trivial and everyday to the most relevant and transcendental. In terms of physical security, it is common sense not to walk down the street with an open backpack full of valuables. When it comes to cybersecurity, common sense operates in the same way. Thus, clicking on a link that has come to us through an instant messaging application from an unknown contact is not common sense.

Caution and common sense are crucial to protecting your mobile against thieves, malicious apps and cyber-attacks. They result in increased security of the mobile device and curb risks.

Thus, common sense can help us prevent social engineering attacks, be alert, detect fraud cases, and successfully implement the 10 recommendations to protect your mobile device, which we will discuss below.

1. Fortify access to your device with passwords and unlocking mechanisms

First of all, it is essential to protect your mobile phone physically, so that it does not fall into the hands of a malicious attacker who can access all the data on the device.

To this end, it is essential to establish secure passwords. In other words, avoid the classic 1234 and use strong unlocking mechanisms.

These security measures can be established to unlock mobile phones and access specific applications.

2. Implement the double authentication factor

Beyond the establishment of strong passwords, you can protect your mobile, whether Android or iOS, by implementing multifactor authentication. In this way, in addition to the password, another factor will be required to access a device. So, in case someone knows the password, they will not be able to access the information anyway.

This additional layer of security can consist of a biometric authentication system, which allows us to identify ourselves using our own physiological characteristics, such as fingerprints, iris or facial features.

In this way, access to the mobile device will require a factor centered on the information we know (a password or a pattern) and another factor centered on who we are. Their combined use can help you protect your mobile device if someone else gets hold of it.

Double authentication can be implemented to unlock the device, enter certain applications or make payments. Thus, the management of your mobile protection is highly customizable and accurate.

3. Update your device

Device manufacturers periodically develop software updates. In addition to implementing new functionalities, these protect your mobile against attacks and malicious techniques that have been discovered.

In this way, developers design solutions to correct the security flaws found.

If devices are not updated, they will be more exposed to the actions of potential attackers.

Therefore, among the recommendations to protect your mobile, we believe it is advisable to check that your mobile device is updated to the latest software. If it is not, you should proceed to install the update.

4. Use antivirus

Even if your device has the latest software version installed, it is not exempt from the risk of being infected by malware, either through a malicious application, downloading an infected file or clicking on a dangerous link.

Therefore, among the recommendations to protect your mobile phone, you should consider installing an antivirus on your device, just as we are used to doing on personal and work computers. This is even more important if you install applications outside the official store.

After consulting their reviews, such antivirus software should be obtained through official stores, such as Google Play or App Store. In the business sector, the option of supplementing the security of business terminals with mobile EDR software is available.

5. Back up and encrypt information

The information stored on the device can be compromised in the event of loss or malicious attack. Therefore, it is essential to make regular backups.

This minimizes risks and facilitates the recovery of all information during an incident.

Making backups can be automated or carried out manually, both on Android and iOS. The copies will be stored in the cloud and can be retrieved in case they are needed.

By default, both current Android phones and Apple devices encrypt their content automatically. However, this does not happen if we use external memory cards in Android, so this card must be encrypted manually to prevent our information from falling into the wrong hands.

6. Avoid unsafe practices, one of the recommendations to protect your mobile phone

Rooting and jailbreaking techniques allow you to remove manufacturers’ limitations on mobile devices. The former refers to Android devices, while the latter is linked to iOS mobiles. By performing these techniques, the user obtains full access to the mobile phone, both to its operating system and to its operation. These practices can have three pernicious consequences in terms of security:

  1. They invalidate the manufacturer’s warranty.
  2. They can render the mobile phone unusable if not carried out correctly.
  3. The manufacturer’s restrictions help the device to function optimally and limit attacks by malicious applications. Overriding the manufacturer’s restrictions can lead to security risks.

7. Download and install secure applications from official stores

Another recommendation to protect your mobile phone is to download only secure applications. Nowadays, our mobile phones have dozens of different apps, from banking applications to instant messaging applications or social networks.

Therefore, it is vital to ensure that they are safe before downloading and installing them on the device.

In this sense, it is essential to use only official stores for this type of download and check other users’ reviews, as in the case of antivirus.

As we pointed out at the beginning, common sense is the primary security measure to avoid attacks against our devices. If an application shows signs of being unreliable, the best thing to do is not to download it.

8. Check app permissions

This recommendation is crucial. We may be generally quite cautious when downloading and installing applications. However, when it comes to granting permissions, many people accept everything that apps ask for. In this way, they give apps access to their contacts, microphones and locations, even though the app does not require any of these permissions to function optimally.

As a result, this opens the door to violating the privacy and security of the mobile and, therefore, of the user. The risks range from identity theft to the sending of spam or viruses, social engineering attacks and theft of personal data. They vary depending on what information or device functionality the malicious or compromised application is granted access to.

What is the best way to avoid these risks? When installing applications, only grant them the permissions essential for their operation. Subsequently, review the permissions granted to each app and analyze whether they are consistent with its features and functionalities. If they are not, they should be revoked.
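
One way to carry out this review on Android from a computer, shown as an added example that is not part of the original article: the Python code below parses the output of `adb shell dumpsys package <package>` and lists runtime permissions that are granted but not on an allow-list. The sample output, the package name `com.example.flashlight` and the `EXPECTED` allow-list are constructed for illustration.

```python
import re

# Constructed sample of `adb shell dumpsys package <package>` output (hypothetical app).
SAMPLE_DUMPSYS = """\
Packages:
  Package [com.example.flashlight] (a1b2c3):
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.CAMERA: granted=true, flags=[ USER_SET ]
        android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
        android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET ]
        android.permission.RECORD_AUDIO: granted=false, flags=[ USER_SET ]
"""

# Assumption: the reviewer's own allow-list of what each app needs to work.
EXPECTED = {"com.example.flashlight": {"android.permission.CAMERA"}}

PKG_RE = re.compile(r"^\s*Package \[([^\]]+)\]")
PERM_RE = re.compile(r"^\s*([\w.]+): granted=(true|false)")

def granted_runtime_permissions(dumpsys_text):
    """Return {package: set of runtime permissions currently granted}."""
    result, package, in_runtime = {}, None, False
    for line in dumpsys_text.splitlines():
        pkg = PKG_RE.match(line)
        if pkg:
            package, in_runtime = pkg.group(1), False
            result.setdefault(package, set())
        elif line.strip().endswith("permissions:"):
            # Only the "runtime permissions:" block is user-revocable.
            in_runtime = line.strip() == "runtime permissions:"
        elif in_runtime and package:
            perm = PERM_RE.match(line)
            if perm and perm.group(2) == "true":
                result[package].add(perm.group(1))
    return result

def excess_permissions(dumpsys_text, expected):
    """Return {package: sorted permissions granted but not on the allow-list}."""
    granted = granted_runtime_permissions(dumpsys_text)
    report = {p: sorted(g - expected.get(p, set())) for p, g in granted.items()}
    return {p: extra for p, extra in report.items() if extra}

def revoke_commands(report):
    return [f"adb shell pm revoke {p} {perm}" for p, perms in report.items() for perm in perms]

if __name__ == "__main__":
    print("\n".join(revoke_commands(excess_permissions(SAMPLE_DUMPSYS, EXPECTED))))
```

On a real device the same text comes from `adb shell dumpsys package <package>` with USB debugging enabled; the generated `pm revoke` lines have the same effect as switching the permission off in the system settings.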

9. Improve the security of your connections

It is not enough to control what we install on our mobile devices and what access permissions we give them. We must also monitor the connections we use to ensure their security. This is essential for WiFi connections, but also for Bluetooth and NFC.

9.1. WiFi

WiFi networks can be public or private. The latter’s security depends mainly on the level of password protection and the router to which we connect. The more robust their security systems are, the more unlikely it is that they can be breached and that the WiFi becomes a way for attackers to access our devices.

Public networks are becoming increasingly abundant in establishments and public spaces, so it is important to be cautious. Through these types of networks, malicious agents can launch attacks to monitor what we do with our devices and access sensitive information.

Therefore, it is crucial to ensure that our mobile is not set to connect automatically to any open WiFi network, since it could otherwise join one without us being aware. This could have serious consequences.

Nowadays, most applications exchange information in encrypted form, so the risk of sharing private information over a public WiFi network is lower. Even so, it is advisable to use a VPN on our mobile devices when connecting to networks that do not offer all the guarantees of security or privacy.

9.2. Bluetooth

Bluetooth connections allow us to communicate with several devices close to each other. When we are not actively using Bluetooth, it is essential to switch it off, since if it remains activated it can open the doors of our device to attackers, who may track our position or impersonate known Bluetooth devices.

If Bluetooth is activated, it constantly sends a signal to connect to other nearby devices. From this, attackers can detect our mobile device and launch an attack to collect personal data or transfer a malicious file to our mobile device.

To secure the Bluetooth ecosystem, the Tarlogic Innovation team has carried out research showing the security issues of devices using this global standard and has developed the BSAM methodology, which allows for security assessments of these devices.

9.3. NFC

In recent years, the use of NFC technology has become widespread, allowing payments to be made without needing a physical bank card. Thus, we do not need to carry cash or a credit or debit card; we can make payments just by having our mobile phone with us.

While NFC is handy, it is also dangerous if we do not use it properly. If breached, it allows attackers access to a vulnerable area of our lives: the money in our bank accounts.

Although it is necessary to be close to a malicious device to suffer an NFC theft, and its probability is low, it is a good security practice to activate NFC when making a payment and deactivate it immediately afterward. If we leave it activated, a criminal can take advantage of it and make an undue charge to our card.

10. If you lose your device, locate it or delete the linked accounts

In addition to all the attacks cybercriminals can launch, there is a more mundane element to consider when making recommendations to protect your mobile: the possibility of losing it. No one is perfect, and we all have the occasional forgetfulness. If you have lost your mobile, don’t panic, as you can take two basic actions.

10.1. Reactive measures

On the one hand, you can locate your device on both iOS and Android. In the case of Android, it is essential that you are logged in with your Google account and that the device has geolocation enabled.

If this option cannot be carried out or does not give results, deleting the accounts linked to the mobile device is crucial. These contain a huge amount of information about the user:

  • Who he is.
  • What he does.
  • What his routine is.
  • Who he communicates with.
  • What he likes.
  • Where he lives, as well as photos, videos, messages or documents.

Therefore, it is essential to unlink Google accounts on Android phones and Apple accounts on iOS, as well as social network accounts (Instagram, Twitter, etc.), instant messaging applications (WhatsApp, Telegram, etc.), cards, bank accounts and other accounts that you may have linked.

In addition, if we believe that our mobile has been stolen, we can block it, so that anyone who intends to use it must know the password. We can also delete the data remotely and even block the SIM card or block the mobile by IMEI after reporting the theft to the police.

Keep the backup codes of your second authentication factor for accounts such as Google in a safe place so that you can block and restore access with the best guarantees in case your phone is lost.

10.2. Preventive measures

In addition to implementing the recommendations to protect your mobile phone that we have just described, you can also take action beforehand to be prepared and minimize the risks in case of loss or theft.

For example, it is advisable to check the linked accounts periodically. This way, we will know exactly which accounts they are, and unlinking them will be faster and more efficient.

It is also essential to ensure that all linked accounts have secure passwords that cannot be easily breached. Along the same lines, it is advisable to consider establishing a double authentication factor in those services or apps that allow it.

All these measures described above make a crucial contribution to protecting your mobile against cybercriminals and safeguarding all the information contained in it. While these 10 recommendations to protect your mobile are very useful, common sense is the basis of the entire security strategy for our mobile devices. Therefore, before making any decision, it is necessary to think it through and act with caution. The protection of our data and much of our privacy is at stake.