Our smartphone habits have changed dramatically in the last year or so. And many of these shifts are a direct result of the covid-19 pandemic. For example, we’re now scanning QR codes at bars, we’re sharing our vaccination status on our phones when we travel, and we’re using mobile devices to help us work remotely.
While we might not have been consciously aware of all of these changes, bad actors certainly have been. As a result, mobile devices and the apps loaded onto them have become key targets for their attacks.
Sadly this is a trend that looks set to continue.
So, how can you secure your mobile device in the post-covid-19 world?
In this article we’ll share our top 5 tips.
Be more suspicious
This is tricky, because we’re not used to being sceptical on our mobile devices. For a long time we saw our phones as safe places. Somewhere to laugh with friends, share funny videos, and swipe through photos on social media.
But this is precisely why cybercriminals have begun to target us there. They know that compared with how we behave on our laptops, we’re more at ease. Our guard is down.
Ask yourself; where do you use your mobile device? Chances are the answer is everywhere. You use it walking down the street, you use it on the train, and you use it on the way out of the house. In all of these scenarios, you’re typically doing something else at the same time. You’re not 100% focused. And so it’s easy to be distracted and click on a link in a text message that at first glance looks legitimate.
You might have noticed a rise in the number of bogus text messages you’ve received this last year. Cybercriminals have pretended to be banks, energy suppliers, and even health centers offering covid vaccinations. All of these phishing messages have two things in common. Firstly, they ask you to click on a link. And secondly, that link is laced with malware that can spread quickly through your phone (and even to your contacts).
In the last 18 months we’ve been about as wary as we’ve ever been in physical spaces. From now onwards it will serve us well to be just as cautious in digital spaces, too. Especially on our phones.
Use multifactor authentication
It’s harder for a bad actor to hack into your account when they have to do more than guess - or illegally access - your password. Multi-factor authentication provides a second layer of protection by verifying that it is you who is trying to access your account.
Typically this is done via a mobile device. Say you’re trying to log into your online bank - after you enter your login details, you’ll receive a code via SMS as a final step to log in.
Any form of multi-factor authentication is better than none. But as our previous tip covers, SMS isn’t the safest of ecosystems. Like cybersecurity journalist Brian Krebs said in a blog earlier this year, our phone numbers were never designed to be identity documents. But they’ve become just that out of convenience. Krebs used his blog to encourage people to actually remove their phone numbers from their online accounts.
If you do so, then you can use iOS and Android push notifications as the second authentication step, instead. Both Apple and Google now recommend this rather than receiving a text message or a phone call.
Make sure you’re using the latest OS version
A lot of people assume that when Apple or Google release new versions of iOS and Android, the changes are mainly cosmetic. But actually each release also comes with important security patches. Ignore them and your phone becomes more susceptible to attacks against its data and systems.
If you’re using an iPhone, it’s much more likely you’re using the latest version of iOS. The nature of Apple being the only manufacturer of iOS devices makes things much simpler. A new OS version is released and users typically have it installed on their phone a day or two later.
This isn’t the case with Android - there are so many manufacturers of Android devices that things take a lot longer. And it’s easier for people to miss an update. According to NetMarketShare, 83% of Android users weren’t using the latest OS version in 2020.
The security offered by Apple and Google isn’t enough to protect mobile applications from more sophisticated attacks. The developers of the apps that you use should also use robust in-app protection to secure the dark spaces between the app and the OS. But you’re still helping to secure your mobile device by making sure it’s running the latest OS version.
Be wary of untrusted networks
One trend that has been fast tracked by the pandemic is the growth in remote working. These days your office can be your living room, the cafe down the street, or even an airport departure lounge. But this shift is quite significant from a security perspective. Because it means you’re no longer operating under the protective bubble of the office network.
You should be particularly cautious of public WiFi. If a network is compromised and a bad actor has gained access to it, then connecting to it can expose your mobile device - as well as other devices it’s linked to - to malicious code.
Cybercriminals can also carry out a man-in-the-middle attack via public WiFi networks. This is where they intercept the line of communication between your mobile device and the network. By doing so, they can see the information you send (like an email) and can even alter that information before it gets sent on.
While the safest option is to avoid public WiFi altogether, you might find that you have to connect as your work becomes more remote. If that’s the case, then make sure the connection is secured before connecting to sensitive apps like mobile banking.
Know the kind of data you’re sharing
How often have you downloaded an app and just accepted all of the permissions it is asking for?
We’ve all been there. We want the app and so we don’t really dwell too much on the data about ourselves that we’re handing over. But in the post-pandemic world where mobile apps are a more tempting target for attacks, it might be that we need to be a little more aware.
As Verizon rightly points out in their 2021 Mobile Security Index, something like location data might not seem particularly sensitive at first, but it can be. When you think about it, someone’s location data can hint at all kinds of aspects of their personal life. It can tell someone when they’re at home and when they’re out, what their hobbies are, and their sexual orientation. If a bad actor had this data, they might be able to use it for extortion. Or they could craft a more believable phishing message.
There’s another good example of this in a recent New York Times article about living a safer digital life. When you take a photo on your phone, it often comes with the location of where that photo was snapped. Again, you wouldn’t want that information to fall into the wrong hands. There are instructions in the same article for disabling this in-built feature.
The last year or two has proved to us that cybercriminals are skilled at exploiting wider anxieties. During the covid-19 pandemic our gaze has often been elsewhere and we’ve relied on our phones for some distraction. A little light relief.
We should feel able to continue seeing our phones this way. But at the same time we need to be a little more skeptical sometimes. This caution can go a long way to securing your mobile device in the post-pandemic world.
