by Dave Moore, CISSP
01/16/2022
Smart phones and tablet computers are increasingly becoming the prime ways people connect to the Internet. They have also become prime targets in the sights of the Internet bad guys, who aim to steal, cheat, trick and destroy, just like they have for years against the world of desktop and laptop computers.
Viewed realistically, smart phones and tablets are nothing more than small computers without real keyboards. As such, they need the same types of bad-guy protection that full-on computers need. Here are a few of the protections I would pay attention to:
(1) Do not download frivolous, random apps unless you know exactly where they are coming from and what they do. iPads and iPhones should download only from Apple. Android phones and tablets should download only from Google Play.
(2) Pay attention to the privacy and security settings when you install an app. Some apps make ridiculous demands, such as access to your location, contact list or camera. Be choosy. If an app asks too much, ditch it in favor of something better.
(3) Decide where you want your information to live. Do you really need to put everything in “the cloud?” Will you have backup copies if the cloud service crashes? Be aware that all of the major cloud services (Google, Apple, Amazon) have crashed at one point or another, causing millions of files to simply disappear. How safe and secure will your private pictures and information be? What if some of it “leaked” out for all the world to see (think photos of former OKC Thunder star Kevin Durant smoking, and other embarassing celebrity photos)? Disable sharing until you really need it.
(4) Stop trying to synchronize every possible device together to where they all have the same information, especially personal-to-work computers. Is it possible that other people may view or use any of these devices? Do you really want them to see a list of every website you’ve visited, or every photo you’ve seen? Sync only when needed, rather than having it mindlessly running in the background at all times.
(5) Set up screen locking to turn on automatically, and give it a strong passphrase. Thousands of phones, tablets and laptops are lost or stolen every week. Make it to where no one can get into your device without the key.
(6) Disable tracking, location and GPS services for all but the most necessary functions.
(7) Make sure your device’s operating system (iOS or Android) is set to automatically update itself. Updates fix software problems that let the bad guys in. Make sure your mobile apps are being updated, too.
(8) Install some security software. Antivirus, antitheft, anti-whatever, security software can help cover for things we forget or don’t know about. Good, free software for both Apple and Android devices is available at places like avast.com/mobile and lookout.com. You may not be worried about viruses, but you also don’t want your device being used as a conduit to funnel problems to other people, either. Get some security software and use it.
(9) Stay on your carrier’s network (AT&T, T-mobile, Sprint, Verizon, etc.) as much as possible. Those networks are as safe as you’re going to get, and your communications (email, text, voice) will be protected. However, if you must get on local wifi networks, be aware that the potential exists for everyone else on that network to see what you are doing, whether it’s at work, the coffee shop, school or your hotel. In these cases, use a VPN (Virtual Private Network) “tunneling” service to protect your communications. Check out the free services at tunnelbear.com/download-devices.
(10) Similar to the LoJack Stolen Vehicle Recovery System for cars, software exists that allows you to track and possibly recover your lost or stolen tablet or phone. You can also remotely erase these devices, too, protecting your information from prying eyes. Some devices have remote tracking and erasing software already installed. If yours doesn’t, check the offerings from Avast Free Mobile Security and Lookout.
Dave Moore, CISSP, has been fixing computers in Oklahoma since 1984. Founder of the non-profit Internet Safety Group Ltd., he also teaches Internet safety community training workshops. He can be reached at 405-919-9901 or www.internetsafetygroup.org