
Cybersecurity on mobile devices

It is hard to imagine our lives today without the presence of smartphones.

Find out more about the importance of cybersecurity on mobile devices

Daniel Consentini

Little by little, they have evolved to become the nerve centre for entertainment, work, administration and a host of other possibilities. Statistically, the average use of these devices in 2024 is 5 hours a day, of which 34.7% is spent on social media.






With the increased use of these devices, the number of attacks against them is increasing every year. In 2023 the number of cyber attacks on smartphones was more than 220,000 in Spain, and reached 33.8 million globally. This is 52% more than in 2022, according to the reputable security firm Kaspersky.

In this context, it makes sense to dedicate a few minutes of our time to carry out a security check of our mobile device. Below, you will find two sections dedicated to this purpose, on the one hand, security configurations that can be made on the device and, on the other, recommendations for day-to-day use.

Cybersecurity settings

Software updates

We could say that it is essential to always have the mobile device up to date, both the operating system and the applications.

Although it can be a bit annoying to wait until updates are applied, it is extremely important to keep the device up to date. Updates apply fixes for security flaws that experts have detected and try to close possible entry vectors to our device. Skipping them exposes all your information to a possible attack that a simple action would avoid.

Use strong passwords and screen locks

It is true that cybersecurity people are always warning about the importance of passwords, but the absence of a good password can ‘dismantle’ all security.

Setting a secure password for each site or environment is vitally important. And don’t think you have to remember it; indeed, you shouldn’t. Use password managers. Those built into mobile devices are a feasible and even advisable option as part of good password use.

Likewise, applying a password for screen locking or even for access to applications is a basic configuration that can avoid many risks, and when we talk about passwords, we also talk about biometrics. Setting up access with your face or fingerprint is just as valid or even better than a password. Moreover, access by these biometric means is often very quick and easy.

Setting up two-factor authentication (2FA)

Two-factor authentication is a fantastic security configuration for access to accounts and resources. It involves double validation of access, usually by entering a one-time code or access approval.

Its operation and configuration are usually not complex, and there are many fairly intuitive tools available for its activation. The level of security implemented with this configuration grows exponentially.

It is important to mention at this point that the configuration of the double security factor via SMS should be avoided. This is because vulnerabilities have been found in this system, and it is much better to make use of applications designed for this purpose.

Anti-malware systems

As with personal computers, mobile devices also have anti-malware applications from well-known security firms. Although the purpose of such applications is to scan your device for malware, they have numerous other benefits.

These applications usually have a ‘suite’ of security options that can make configuration much easier. Options such as anti-phishing, payment protection, anti-theft, etc. can be available and can help us greatly, so relying on these security applications is always recommended.

Enable device tracking

Device tracking is a setting that should always be enabled. In the event of the possible loss or theft of the terminal, this type of option allows us, firstly, to geolocate the device in order to find it. It also usually allows us to remotely erase all the information, restoring the device to factory settings.

The tracking of the device is usually linked to the registration account, and applying the configuration is a trivial process and free of charge, so it is highly recommended to enable it.

Backing up

Unfortunately, there is always the likelihood of losing the data on our smartphone. Whether due to a malicious act that has rendered the information unusable, or the loss of the device itself, we can lose everything we store.

Faced with this, a very good practice is to create backup copies of the most relevant information. These copies can be made on another physical medium outside the smartphone, or even in the cloud. There are many tools or services that help us with this task, even making it transparent.

Auditing application permissions

Normally, applications are designed to obtain as little permission as possible on the smartphone. Requests for access to the phone’s internal memory, camera, microphone, etc., are very common in applications and are granted on first use.

Despite this, there are certain applications that may overuse the device’s resources beyond the purpose for which they were designed.

The best way to control this is to audit the permissions of each application and disable those that are not necessary for its use. This can be quite a time-consuming review, but tools such as the anti-malware tools mentioned above can help a great deal.
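One way to run this audit on an Android device, as an added example that is not part of the original article. The package names, the sample text (constructed, modelled on the permissions section printed by `adb shell dumpsys package <package>`) and the expected-permission sets are assumptions made for illustration.

```python
import re

# Constructed sample output; package names are hypothetical.
SAMPLE_DUMPS = {
    "com.example.flashlight": """
    install permissions:
      android.permission.INTERNET: granted=true
    runtime permissions:
      android.permission.CAMERA: granted=true, flags=[ USER_SET ]
      android.permission.READ_CONTACTS: granted=true, flags=[ USER_SET ]
      android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET ]
      android.permission.RECORD_AUDIO: granted=false, flags=[ USER_SET ]
""",
    "com.example.maps": """
    runtime permissions:
      android.permission.ACCESS_FINE_LOCATION: granted=true, flags=[ USER_SET ]
""",
}

# Assumption: what each app needs for its stated purpose (the auditor's call).
EXPECTED = {
    "com.example.flashlight": {"android.permission.CAMERA"},
    "com.example.maps": {"android.permission.ACCESS_FINE_LOCATION"},
}

PERM_LINE = re.compile(r"^\s*([\w.]+): granted=(true|false)")

def granted_runtime_permissions(dump):
    """Return the runtime permissions marked granted=true in one dump."""
    granted, in_runtime = set(), False
    for line in dump.splitlines():
        stripped = line.strip()
        if stripped.endswith("permissions:"):  # section header
            in_runtime = stripped == "runtime permissions:"
            continue
        match = PERM_LINE.match(line)
        if in_runtime and match and match.group(2) == "true":
            granted.add(match.group(1))
    return granted

def audit(dumps, expected):
    """Map each package to granted runtime permissions beyond its expected set."""
    report = {}
    for pkg, dump in dumps.items():
        excess = granted_runtime_permissions(dump) - expected.get(pkg, set())
        if excess:
            report[pkg] = sorted(excess)
    return report

if __name__ == "__main__":
    for pkg, perms in audit(SAMPLE_DUMPS, EXPECTED).items():
        print(pkg, "->", ", ".join(perms))
```

Each permission the report lists is a candidate to disable in the application's permission settings.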

Installation from known sources

The most common way to install an application is from the device’s official shops. Despite this, we sometimes find application packages outside these shops, or we are even expressly instructed to install them outside the corresponding shop.

Cybercriminals take advantage of this: they try to clone the official shops or urge the installation of these applications by other means, and such applications usually contain backdoors to control the device illegitimately.

Installing such apps is a risk in itself, as no one guarantees a minimum of security in the application, as the official shops do. Therefore, installing applications outside the official shop is not at all advisable.

Encryption

When we talk about encryption on mobile devices, we are talking about trying to alter the information contained therein so that it can only be read by the person in control of the device.

Data encryption in the most current devices is usually a default setting, where we do not have to intervene. Even so, it is necessary to review it and verify that the information is really being protected.

Cybersecurity recommendations

In addition to the aforementioned security configurations, we would like to highlight other recommendations related to day-to-day cybersecurity habits. Here, common sense and the habit of never trusting anything are particularly important.

Avoid public WiFi networks

It cannot be said that all public Wi-Fi networks are dangerous and unsafe, but it is true that they are a fairly common source of problems.

Such networks are very attractive to malicious actors who, relying on the trust of users, deploy them freely. Once connected, it is possible to view everything that passes through them (man-in-the-middle) and obtain information such as credentials or bank details, among many other things.

Therefore, the first recommendation is to avoid this type of network and rely on mobile data connections. Even so, if we have no other alternative, the use of VPN systems is usually a guarantee in these connections, preventing data theft or eavesdropping.

Beware of public charging points

Who hasn’t run out of battery on their mobile? It is always a good idea to have a place to charge your mobile device when your battery is running low.

Well, these types of public connectors are not exempt from being dangerous. They are usually USB ports where you can plug in a cable and charge your smartphone. The problem is that data can also be transmitted through this port, and this is what attackers use to try to access our device.

There are several solutions to this problem. The first and most obvious is to avoid them. However, there are small USB devices that block the transfer of data. Finally, another option is to use the traditional wall charger.

Caution with NFC and Bluetooth

NFC technology is considered a wireless transfer of information in the same way as Bluetooth or Wi-Fi, but with its own particularities. The most common use of NFC may be wireless mobile payment, but it has many other uses.

This is a particular attraction for malicious actors, with more and more incidents involving micro-payments or unauthorised access via NFC.

For this reason, the main measure to take with this technology is to activate it only when it is going to be used. Likewise, it is important to be careful about where we bring the mobile phone close and activate NFC, and to be sure that it is a reliable and legitimate site.

Something similar happens with Bluetooth; through possible shortcomings in the protocol, it is possible to access a device. It is therefore advisable to deactivate it when it is not necessary.

Spam or malicious calls

We all suffer from annoying calls from unknown numbers. Many of them are spam calls, but others are malicious in nature. Never give out personal information and if in doubt, hang up the call. One option to avoid this is to use call filtering applications.

Another important detail in these calls is that we should never answer with ‘Yes’, but instead use ‘Tell me’, ‘Hello’ or other terms. This is because the call is recorded and with that ‘Yes’ answer (and other data they have) they can sign up for services without consent.

Pay attention to fraudulent messages (Smishing)

Many attacks use the sending of messages (SMS or messaging applications) to try to trick the user. Messages pretending to be from a bank or financial institution are very common and are intended to steal personal information.

In view of this, do not act on them, delete the message, block the source and move on with your life.

Somewhat related to the previous point, links to fraudulent websites can be sent to us when we receive emails, when we visit other websites or in text messages themselves. In these cases, it is necessary to always check which websites you visit and, very importantly, what data you enter on them.

Do not Jailbreak or Root

These are techniques to remove the administrative block imposed by manufacturers on devices. On the one hand, having full access to the terminal opens up a world of possibilities and configurations but, on the other hand, it is a ‘loud call’ to any vulnerability or malicious application.

In addition, a rooted device cannot access new updates and security protections from the manufacturer. Therefore, it is best to avoid this type of technique, which is not at all advisable.

A final thought

Finally, we would like to stress the principle of ‘trust nothing and doubt everything’. When we use online services, we must be sure of where we access and enter our personal data.

It is not necessary to carry out an in-depth security check at every step we take, but if we follow some small guidelines or recommendations such as those discussed in this entry, we will be able to surf the net more safely and avoid unwanted situations.
