With the 2018 World Cup under way, and EU GDPR now in force, we’d like to share our students’ Top Ten mobile device prevention tips with our GCA readers. Our advice ends with our famous #30MinutesSelfie – book half an hour in your smartphone calendar, uninterrupted, with yourself, to make these safety measures happen!
Anti-Virus Software: Your smartphone is a computer because it has an operating system and a browser. Therefore, install antivirus software (or check out what the manufacture has already provided) and use this tool to scan for viruses at least on a monthly basis. Likewise, install and regularly check Anti-Spyware apps on your device. Enable security updates when requested; then your AV can scan for the very latest known malicious codes attacking smartphones. Do not enable suspicious looking AV updates: i.e., not ones from your vendor or those you have additionally subscribed to.
Ignore Unknown Links: Never open strange texts or untrusted URL links: This applies equally to your own SMS as well as to emails and social media communications. Just like email and social media, SMS can also introduce unauthorised Spyware, ransomware and other malware into your phone. (Sometimes from a known contact whose phone or PC has become a ‘Zombie’.) Steganographic attacks (malware embedded in pictures, often of celebrities) are also a classic method of mobile device attack. Keep them near or lock them up: Your smartphone is the equivalent of your bank cards and house keys all rolled into one. It’s also a radio transmitter. Like any prized possession, either keep your smartphone with you, or switch your baby off and lock her safely away.
Don’t be too trusting: friends and family usually have your best interests at heart. But moments of incredible stupidity with smartphones have caused countless relationships and friendships to flounder. If she’s not locked up, keep your phone with you at all times. This discipline is also good for emergency planning. Because all manner of hazards – such as vicious scooter-thieves, terrorists and natural disasters – never let us plan ahead to avoid disaster.
Zero-Trust Apps: Only ever download an app if you trust the source. This does not mean trust the tech giants! Google Play and App Store, verify (somewhat) the source and security of apps before they list them for download. But literally millions are corrupted with bugs and malware. If an app asks for permissions to access personal information, think very carefully before providing it. Be aware that even if you switch of your Google locator, many other apps will locate you. Apps seeking permission to use your microphone can record you. Apps seeking permission to use your camera can film you. And apps seeking permission to access your camera roll can pinch your pictures. And some apps don’t even ask! They do default data pillage! Proactively remove apps on a monthly basis if they are unused.
Zero-Trust Wi-Fi: Like any public service, Wi-Fi Hotspots can be a great contributor to our own state of happiness and a key enabler if assisting humanity to abolish war, disease and …?! You get the point. But be very aware of the ‘other side of the coin’. Wi-Fi channels are free-flowing, radio waves that allow any Tom, Dick or Harriet (with a cheap bit of kit) to eavesdrop into your device, temporarily or permanently, depending on the tools they use.
Anonymous Browsing: Hackers often exploit you because they can read your browsing history and anticipate, or exploit, your weaknesses. Therefore, learn how to browse anonymously or privately with tools such as Tor, PGP, and VPNs. Sometimes browsing this way is a little bit slower and prevents you carrying out financial transactions, as your IP address might cause suspicion. However, you shouldn’t really be shopping or banking from an unprotected hotspot, should you?!
Location and Tracking: Bear in mind, that if you lose your phone, you might wish to locate it! This means that you probably will want your phone locator on at times when you feel you could lose your phone. You can also lock your phone remotely and immediately with any number of security tracker apps. Research the apps first from user forums and tech journals before trusting them enough to install.
Encrypt key data and files: Save and encrypt important files, and export them to a password protected, double-authenticated client or cloud. Also get into the habit of using end-to-end communications encryption. This means the hacker might know you’re online but they still can’t read your messages. Freely available VPN and encryption services such as CyberGhost can be a real party-pooper for malicious hackers. WhatsApp offers asymmetric end-to-end encryption. But if you lose your phone the SMS messages (if left unprotected) are left for all to read, screenshot and steal.
Regularly Transfer and Back-Up Data: To a separate device (probably a PC) that is itself sensibly protected. Then base that PC in a secure room, or a locked drawer. Don’t hide that PC’s password under any mouse mats, chairs, tables, or monitors! Spend ten minutes every month transferring your smartphone pics to your PC. Losing them, even by an accidental own-goal, can be upsetting.
Passwords and Double Authentication: Many phones now have double-authentication opportunities. Use the latest tools – including biometrics – to double-lock your phone. Use a password manager and a file locker to separately lock all precious files. Use long nonsense phrases and symbols for passwords, not words and numbers. Also make password changes after any suspicious incident, or memory blind-spot. (Such as accidentally leaving it at the local pub overnight.) Change your passwords at least every month.
#30MinutesSelfie: Book a 30-minute calendar meeting each month. With yourself. No interruptions. ‘Me’ time. To enforce these ten steps. Hope this helps! @GlobalCAcademy