I've heard all of the excuses, every one of them an invalid justification for not ensuring the precious data on your smartphone is safe from prying eyes.
- I forget passwords too easily.
- It wastes time.
- It's too complicated.
- I just haven't bothered yet.
- I don't have anything to hide.
And those are just the tip of a very fate-tempting iceberg. Every time I hear one of those answers, I cringe. Why? With the amount of data theft climbing higher and higher each day, data security is at an absolute premium. Even if you think you don't hold precious cargo on that smartphone, you do. There are passwords to various accounts, contact phone numbers and emails, private conversations and photos...any of which could spell trouble if in the wrong hands.
1. Lock screen passwords
According to this Pew Research poll, over one quarter of smartphone users do not protect their devices with lock screen passcodes. Let that sink in a moment. Roughly 28% of smartphone users to not protect their devices. That means one in four smartphones sitting unattended could be compromised simply by picking up the device and using it. In the blink of an eye, someone has your home address, or your bank account information, or your photos, or other sensitive information.
You see where that goes?
Setting up a lock screen password isn't just easy, it's smart and only the first line of defense against would be data thieves. Sure, having to unlock your device might rob you of a couple of seconds from your busy day, but consider what you could be robbed of with that device wide open.
But isn't smartphone theft down? Yes. According to a Consumer Reports study (from 2015), smartphone theft is not only down, but way down. The reason? It's too easy for consumers to remotely wipe and lock their phones.
The caveat to that remote wipe feature? You have to have a screen lock setup. No lock? No remote wipe.
You see how that works?
The catch to that report is that smartphone theft only applies to the theft of actual devices. The theft of data is up. Way up.
2. Update, update, update
It doesn't end there. The security of your device doesn't just lie in setting up a passcode for the screen lock. The other big security issue for the mobile crowd is that of updates. A great many iPhone user waits, with baited breath, for the next big iOS update. They count down the hours, minutes, and herald the event with parties and a general sense of elation. And that's great. Every time your mobile platform of choice releases an update to the operating system, you should jump on it immediately. The same holds true with updates for your apps.
App updates occur for a lot of reasons. One such reason is security patches. If you don't update those apps, chances are you have a security vulnerability waiting to be taken advantage of.
Before anyone grumbles with, "I don't have time to constantly check for updates," know that platforms like Android allow you to set up apps to automatically download and install updates. That equates to users having to do nothing. If you open the Google Play Store (on your device) and then tap the "hamburger menu" (three horizontal lines in the upper left corner) and then tap My apps & games, you can tap on an app and then tap the apps menu button (three vertical dots in the upper right corner) and tap to enable Auto-update (Figure A). Now that app will automatically download and install as updates are made available.
3. Those insecure networks
Every time I venture into a coffee shop, I see tables filled with smartphone and laptop users at work with their devices. Most of those users have connected to the shop's Wi-Fi connection. And why not? Why use data on a personal account, when you can hop onto a company wireless connection? After all, companies can afford secure networks, right?
Did you have to enter a password to connect to that wireless network? If the answer is no, then understand you are transmitting data on a network that is primed for data theft. If connecting to an insecure wireless network is a must for you, then use a VPN solution, such as Tunnelbear (for Android and iOS). Even if you are only browsing the web or posting Facebook updates, if you value the privacy of your data, do not use these networks without the help of a VPN.
4. Two-factor authentication
I'm going to double back to the lock screen for a moment, to give you one last reminder as to why it is all so very important. This will also serve as another reminder to work a bit harder on the security of your device, as well as your accounts. I'm talking about two-factor authentication, a security layer that should be considered a must-have for every account that offers the service. Facebook, Twitter, Amazon, Google, your bank — if your sites and services allow you to set up two-factor authentication, do so immediately.
What is two-factor authentication? Without getting into the nuts and bolts, it's a system that, when you attempt to log into a supported account, it will require the addition of a second authentication password. That password is either sent to your mobile device in the form of a text or can be had with a tool like the Google Authenticator or Authy 2-Factor Authentication.
Here's the thing—the dangerous thing—if you don't have your lock screen setup with a required password/PIN/Pattern/fingerprint, anyone can gain access to those two-factor authentication passcodes. Now your device is compromised and the chances someone can steal your social identity or your bank information has grown significantly.
5. Layer your security
Consider your security in six layers (layer 1 being the innermost):
- Layer 1 - Operating system updates
- Layer 2 - Application updates
- Layer 3 - Network security
- Layer 4 - Two-factor authentication apps
- Layer 5 - Application passwords
- Layer 6 - Lock screen
You should not ignore a single one of these layers. Setup your lock screen, don't allow your device to save crucial application passwords, add two-factor authentication to every site and service that makes it available, only connect to secure wireless networks (or use a VPN when your only option is insecure Wi-Fi), enable auto-update of applications, and regularly check for operating system updates (and apply them as soon as they appear). Do this and the security of your smartphone usage will dramatically improve.
- How to add two-factor authentication to your WordPress site (TechRepublic)
- How to set up 9to5Google for easier two-factor authentication (TechRepublic)
- Secure your Google account with a little 2-step shuffle (TechRepublic)
- Let Authy handle your Android two-step authentication (TechRepublic)
- Enable two-step authentication on your Amazon account (TechRepublic)
- 10 do's and don'ts for securing your Android device (TechRepublic)
- Online security 101: Tips for protecting your privacy from hackers and spies (ZDNet)
Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website jackwallen.com.