Welcome to the next installment of our 12-month Cyber Security Awareness campaign. In previous months we’ve covered social engineering, phishing and password guidance, and this month we’re focusing on mobile devices.
Mobile devices contain a wealth of personal and sensitive information, including emails, contacts, financial details, and login credentials. They also often have access to corporate networks, making them valuable targets for cybercriminals. Ensuring the security of your mobile devices is essential to protect against data breaches, unauthorized access, and identity theft. We’ll examine the risks and outline steps you can take to protect your data and the University.
Risks from unsecured mobile devices include:
- Data Breaches: Unsecured devices are susceptible to exploitation, leading to unauthorized access to personal and corporate data.
- Malware and Phishing: Mobile devices are vulnerable to malware infections and phishing attacks, potentially resulting in financial loss and exposure of sensitive information.
- Loss or Theft: A lost or stolen device can compromise sensitive information stored on it, posing a significant risk to personal and organizational security.
- Network Vulnerabilities: Unsecured devices may connect to insecure Wi-Fi networks, exposing users to data interception and man-in-the-middle attacks.
Best Practices for Mobile Device Security:
- Secure app downloads: Download apps only from official app stores, as they undergo security vetting to minimize the risk of downloading malicious software. Review the permissions requested by apps before installing them and only grant access to the information and features they truly need. Be wary of apps that request excessive permissions or access to sensitive data without a valid reason.
- Keep your device updated: Regularly update your mobile operating system and apps to ensure you have the latest security patches and bug fixes. Software updates often include critical security improvements that help protect against known vulnerabilities.
- Use strong authentication methods: Take advantage of biometric authentication options like fingerprint or facial recognition, in addition to a strong PIN or password, to lock your device. This adds an extra layer of security beyond just the physical lock screen.
- Enable device encryption: Encrypting your mobile device’s data ensures that it’s protected even if your device falls into the wrong hands. Most modern smartphones and tablets offer built-in encryption features that you can enable in the device settings.
- Use a secure Wi-Fi connection: When connecting to Wi-Fi networks, especially public ones, use a secure connection whenever possible. Avoid connecting to unsecured Wi-Fi networks or networks with weak security protocols, as they can expose your data to potential eavesdropping or interception.
- Install security software: Consider installing reputable mobile security apps that offer features like malware detection, anti-theft protection, and secure web browsing. These apps can help detect and remove malicious software from your device and provide additional layers of defense against cyber threats.
- Backup your data: Regularly backup your mobile device’s data to a secure location, such as the cloud or an external hard drive. This ensures that you can recover your data in case of loss, theft, or a security incident.
- Educate yourself about mobile threats: Stay informed about the latest mobile security threats and best practices for protecting your device. Be cautious of phishing attempts, malicious apps, and other common tactics used by cyber criminals to target mobile users.
For guidance specific to your personal device, see the National Cyber Security Centre’s advice here: Securing your devices – NCSC.GOV.UK As always, as a student or staff member at the University of Stirling, you can heighten your cyber security awareness by completing the free training available through the Metacompliance app: https://universityofstirling.metacompliance.com/
See the previous posts in this series:
October 2023 – Introduction to Cyber Security
November 2023 – Types of Cyber Security Threats
December 2023 – Social Engineering Threats
January 2024 – Phishing – Don’t Fall Prey
February 2024 – Strong Passwords – Protect your digital fortress
