Email this Article Email   

CHIPS Articles: Smartphone Security Checker

Smartphone Security Checker
By CHIPS Magazine - March 3, 2017
An astounding number of Americans — 95 percent — now own a cellphone of some kind. The share of Americans that own smartphones is now 77 percent, up from just 35 percent in Pew Research Center’s first survey of smartphone ownership conducted in 2011.

You are probably not surprised to learn that smartphones are particularly pervasive among younger adults, with 92 percent of 18- to 29-year-olds owning one. But growth in smartphone ownership over the past year has been especially strong among Americans 50 and older, according to the Center.

Unfortunately, many smartphone users do not enable the security software that comes with their phones, and many believe that surfing the internet on their phones is as safe as or safer than surfing on their computers, according to US-CERT. Consequently, mobile phones are enticing targets for cyber criminals.

It is important to protect your smartphone just like you protect your computer because the consequences of someone stealing your data and privacy information can be disastrous for you and your family.

The Federal Communications Commission offers a Smartphone Security Checker tool that is designed to help mobile users protect their personal data. To use this tool (www.fcc.gov/smartphone-security), users choose their mobile operating system, Android, Apple iOS, BlackBerry or Windows, and then follow the 10 customized steps to secure their mobile device.

Another valuable tool, HealthIT.gov Mobile Security Guide, provides 10 steps you can take to protect and secure health information when using your mobile device.

Consumers using smartphones, tablets and other mobile devices as "mobile wallets" to pay for goods and services should check out the FCC Consumer Guide on Mobile Wallet Services Protection for tips on protecting devices, mobile wallet services and applications, and associated data from theft and cyber-attacks.

In general, the FCC offers 10 mobile security tips that can help you reduce the risk of exposure to mobile security threats:

-- Set PINs and passwords. To prevent unauthorized access to your phone, set a password or Personal Identification Number (PIN) on your phone’s home screen as a first line of defense in case your phone is lost or stolen. When possible, use a different password for each of your important log-ins (email, banking, personal sites, etc.). You should configure your phone to automatically lock after five minutes or less when your phone is idle, as well as use the SIM password capability available on most smartphones.

-- Do not modify your smartphone’s security settings. Do not alter security settings for convenience. Tampering with your phone’s factory settings, jailbreaking, or rooting your phone, undermines the built-in security features offered by your wireless service and smartphone, making it more susceptible to an attack.

-- Backup and secure your data. You should backup all of the data stored on your phone – such as your contacts, documents, and photos. These files can be stored on your computer, on a removal storage card, or in the cloud. This will allow you to conveniently restore the information to your phone should it be lost, stolen, or otherwise erased.

-- Only install apps from trusted sources. Before downloading an app, conduct research to ensure the app is legitimate. Checking the legitimacy of an app may include such thing as: checking reviews, confirming the legitimacy of the app store, and comparing the app sponsor’s official website with the app store link to confirm consistency. Many apps from untrusted sources contain malware that once installed can steal information, install viruses, and cause harm to your phone’s contents. There are also apps that warn you if any security risks exist on your phone.

-- Understand app permissions before accepting them. You should be cautious about granting applications access to personal information on your phone or otherwise letting the application have access to perform functions on your phone. Make sure to also check the privacy settings for each app before installing.

-- Install security apps that enable remote location and wiping. An important security feature widely available on smartphones, either by default or as an app, is the ability to remotely locate and erase all of the data stored on your phone, even if the phone’s GPS is off. In the case that you misplace your phone, some applications can activate a loud alarm, even if your phone is on silent. These apps can also help you locate and recover your phone when lost. Visit CTIA (http://www.ctia.org/) for a full list of anti-theft protection apps. CTIA represents the U.S. wireless communications industry.

-- Accept updates and patches to your smartphone’s software. You should keep your phone’s operating system software up-to-date by enabling automatic updates or accepting updates when prompted from your service provider, operating system provider, device manufacturer, or application provider. By keeping your operating system current, you reduce the risk of exposure to cyber threats.

-- Be smart on open Wi-Fi networks. When you access a Wi-Fi network that is open to the public, your phone can be an easy target of cybercriminals. You should limit your use of public hotspots and instead use protected Wi-Fi from a network operator you trust or mobile wireless connection to reduce your risk of exposure, especially when accessing personal or sensitive information. Always be aware when clicking web links and be particularly cautious if you are asked to enter account or log-in information.

-- Wipe data on your old phone before you donate, resell, or recycle it. Your smartphone contains personal data you want to keep private when you dispose your old phone. To protect your privacy, completely erase data off your phone and reset the phone to its initial factory settings.

-- Report a stolen smartphone. The major wireless service providers, in coordination with the FCC, have established a stolen phone database. If your phone is stolen, you should report the theft to your local law enforcement authorities and then register the stolen phone with your wireless provider. This will provide notice to all the major wireless service providers that the phone has been stolen and will allow for remote “bricking” of the phone so that it cannot be activated on any wireless network without your permission.

For more information and resources about mobile devices and cybersecurity, visit www.fcc.gov and the Department of Homeland Security’s Stop.Think.Connect. Campaign at www.dhs.gov/stopthinkconnect.

Related CHIPS Articles
Related DON CIO News
Related DON CIO Policy
CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988