Mobile users are often unaware of how vulnerable their smartphone can be. Regular mobile usage involves handling a great deal of corporate and personal data, installing apps, granting permissions, connecting to various networks, etc. While all of this can seem innocuous, common tasks and habits such as delaying an update or sideloading an app actually come with risks.
Although nothing is better than using a security solution to protect mobile data, there are simple rules to follow to minimize the exposure of personal and corporate data to cybercriminals. This list sums up actionable tips that mobile users should know.
1. Stay away from third-party app stores
Apps are the first vector used by cybercriminals to compromise mobile devices. Getting a paid app for free on a third-party store is tempting, but besides being illegal, such an app has a high chance of embedding malware. While Google Play Protect is far from bullet-proof and Apple also sometimes lets risky apps slip through the gate, both official stores at least perform a first layer of security checks that third-party stores don’t. To avoid most malware and leaky apps, play by the rules and don’t download applications from unknown sources.
2. Be diligent when granting app permissions
Today, a lot of official applications require permissions they don’t really need to run. In most cases, apps ask for access to the location, contact list, SMS, microphone, etc. to collect the associated data and sell it to marketing companies. To prevent your data from being shared with global advertising groups, always make sure to grant only the permissions that are really needed.
3. Auto-update your applications
Sometimes, malicious apps make their way to official stores. When Google and Apple are alerted and remove them, they don’t notify the thousands, sometimes millions, of users that still have those apps on their device. Therefore, these users’ devices are infected and their data is exposed. Enabling automatic app updates in your settings ensures you’re not using a version of an app that is obsolete and has been deleted from stores. More generally, app updates often come with security patches that shouldn’t be disregarded.
4. Don’t trust public networks
The network is the second main vector of attacks on mobile devices. Open networks are not necessarily malicious, but hackers can easily spoof them and/or intercept data transiting through them, as in a Man-In-The-Middle attack. As a result, you should avoid processing sensitive data or making transactions while connected to a public network.
5. Don’t leave NFC, Bluetooth and WiFi enabled by default
Keeping those channels always open is convenient, especially if you use them regularly, but it comes at a price. When NFC, WiFi or Bluetooth is enabled, it represents an open door for intruders to connect to your mobile device and exfiltrate data from it or compromise it.
6. Keep your operating system up to date
New Android and iOS versions are published on a regular basis. These updates are essential to a system’s stability and safety, as they include functionality enhancements and patches for CVEs and other vulnerabilities. While it takes little to no effort to update your device’s system, doing so ensures your device won’t be compromised through the exploitation of known security flaws.
7. Don’t root or jailbreak your device
By deeply modifying your smartphone’s OS in order to benefit from extra features, you expose it to malicious and intrusive behaviors. It’s important to know that 75.1% of mobile apps automatically check the root / jailbreak status of devices to execute specific commands. This practice weakens a device’s resistance to attacks and puts personal and corporate data at risk.
And finally, get a mobile security solution
While those tips provide the best practices to limit attacks on mobile devices, it is hard to follow them strictly every day, and companies have no way to track whether their mobile workforce applies them correctly.
As a security head, you should consider deploying a mobile security solution that will automatically protect your mobile fleet from app, network and OS threats, such as Pradeo Security Mobile Threat Defense.