As the use of smartphones continues to increase, con artists are finding ways to access personal information. "Smartphone security is going to become even more important," says Nikki Fiorentino, Director of Communications at the Identity Theft Resource Center. But it goes beyond that. A growing number of internet-connected cars and connected homes are vulnerable to cyber thieves as well. And you need more than a password to keep your identity and data secure. The Federal Trade Commission (FTC) estimates that nine million Americans have their identity stolen each year.
How do you protect your smartphone and the information on them?
- Set a passcode. Smartphones allow you to set a digital “lock” to help prevent random people from using your phone. The passcode to unlock the phone could be a PIN code, password, pattern or biometrics login (such as your fingertip or face scan).
- Auto lock your phone. Set your phone to lock after 15 seconds of not being used to help prevent people from picking it up and using it when you’re not looking.
- Create a complex password. Your first line of defense is a strong password, one that combines letters, numbers and symbols.
- Use two-step authentication with applications. Turn on two-step authentication for apps like Gmail, Facebook and OneDrive. Two-step authentication requires the password and a separate code sent to the owner to gain entry.
- Seek backup/wiping services. Not having these services is one of the biggest mistakes smartphone users make, says Fiorentino, adding that they're easy to get through the phone's manufacturer or your wireless provider. A backup program sends data on your phone to a secure server where you can retrieve it. A wiping program erases information from your phone if it’s lost or stolen.
- Install security/antivirus software. Treat your smartphone like you would your home computer, Fiorentino says. Install security software that contains an antivirus, and be diligent about downloading updates as they're available.
- Be careful of “public” and “free” Wi-Fi. It's tempting to connect your smartphone to free wireless data whenever it's available, but it's not always safe. Unsecured networks — be it at coffee shops or airports — make it simple for hackers to also connect to your device. If you must use an unsecured wireless network, try a VPN tool, such as TunnelBear, to browse the web.
- Only download apps from trusted, reputable sources. We spend nearly 3.5 hours per day on our phones, so it's tempting to download an app at every opportunity. Protect your data by avoiding custom apps; instead, stick to downloads from verified sources. Apple's App Store and Android's Google Play use a vetting process before allowing apps to be sold on their mobile platforms. Remember, free is not free. Your personal data is a valuable currency that often “pays” for the free apps.
- Stay smart around SMiShing scams. The more that users spend on their mobile devices, the more those devices are targets for scammers using SMiShing. SMiShing is a scam conducted using SMS or text and phishing, where users get authentic-looking texts that appear to be from their banks or other services. In both cases, block the numbers or the emails and never click on a link in a text or email or reply back to the sender.
- Don't ignore updates. Installing software updates can seem cumbersome at times, but skipping available updates leaves devices more vulnerable to cyber-attack. As hackers refocus their efforts on smart technology, it's even more important to install the latest version and avoid a breach. Even better, set your device to auto update your system software and applications.
- Share data wisely. Often, apps ask users to input data that can be especially dangerous during an online security breach. Avoid sharing birth dates, addresses and other personal information that hackers could use later.
- Prepare for the worst. If you lose your smartphone or it is stolen, your personal data may be at risk. Turn on Apple's Find My iPhone or Android's Device Manager so you may track the phone's whereabouts and delete data as soon as possible. If your phone is missing, call your carrier as soon as possible to report that it's been lost or stolen, and have your data wiped. If you think you're a victim of identity theft, Fiorentino advises taking these three steps:
- Place a 90-day fraud alert on credit reports,
- File a police report, and
- File a fraud affidavit with the Federal Trade Commission.
And remember, back up your phone’s information regularly through a computer or the cloud but use your home network or your mobile connection to make sure your data is not stolen during the transfer. This will allow you to restore your information if needed. The Identity Theft Resource Center offers more tips on smartphone security.