Power users in small businesses and corporate enclaves alike carry their worlds on their smartphones these days. The tiny devices hold passwords, financial information, and the literal keys to the kingdom when it comes to personal privacy and even confidential business information. Secure hardware is invaluable when it comes to protection, but there are more than a few ways users can also lock down their devices to protect sensitive information from finding its way into unscrupulous hands. Some may seem obvious, but the less-apparent options are quickly becoming the favored avenues of hackers and industrial espionage experts alike.
Ditch the PIN
If you think your phone is safe with the four-digit PIN you enabled, think again. There are only 10,000 potential combinations a user could select, and many prefer numbers they can easily remember or the spelling of favorite words on the keyboard, limiting the number of tries an educated hacker needs to crack the code.
If you have to default to standard mobile data recovery due to file corruption or similar issues, you’ll likely find that experts can decode your PIN in moments once they have the phone in hand. Something simple like fingerprints on the screen can help identify which numbers are commonly used.
Toss the PIN entirely and replace it with a secure passphrase that’s at least six letters or numbers long. You don’t need to use special characters or anything that will make it hard to type in your passphrase on the go; six characters drawn from 26 letters and 10 digits already give you the added protection of 2,176,782,336 possible combinations.
Encrypt Your Data
Just as with a PIN, a fingerprint isn’t enough to secure your mobile device. In the cybercrime world of 2017 and beyond, programs exist that strip all the information off smartphones and then extract the password for easy access from there. Take the extra step to encrypt your information. Most thieves who are actually after your data instead of reselling the phone want to get the information off of it as quickly as possible and then discard the evidence.
Encrypted data cannot be easily downloaded or taken off the phone, even if the device is in hand. The information just becomes a useless jumble of characters unless the phone is unlocked with the proper password. Apple users can breathe easy, as iOS encrypts data by default. Android users with sensitive data on their smartphones can enable encryption under the security options, but it cannot be turned back off without completely wiping the memory of the phone.
Get Malware Detection
Even in the year 2000, you’d never host sensitive information on a computer with online access that didn’t at least have a basic firewall and antivirus software, but many users still lack these basic protections on their modern smartphones. Some antivirus solutions don’t even include malware detection at the basic level. Find a program that covers all these bases and provides real-time shielding against malware downloads and execution. It could save your credit, job, or business.
Compromise by Users
Similarly, pay close attention to those detection notices. Seemingly innocent apps can host a variety of threats, and intrusion methods get more advanced every day. Admins and cybersecurity analysts spend much of their time trying to avert or undo the damage users can inflict upon business systems in such a fashion.
Avoid compromise by limiting which apps and externally sourced programs are downloaded and installed on your phone. Only use programs from trusted and verified providers. Never, ever install a rooting kit or otherwise strip the built-in protections from a phone that has sensitive data in its memory. These types of programs are often rife with backdoors and far easier for hackers to infiltrate than standard operating systems.
The Nuclear Option (Erase Data)
Even the latest technology has trouble keeping up in the arms race of cybersecurity. We now know that it’s possible to fool the iPhone X’s Face ID, though we don’t know how many attempts it takes to get it right. Modern operating systems have the nuclear option built in.
This feature erases all data on the phone after a set number of failed password attempts, typically between seven and 10. If you’re carrying sensitive financial data, personal or business, get a secure backup source and use it regularly over a secured VPN connection. Enable the nuclear option as a last resort against anyone obtaining and scraping information off your device. Even a seven-character password takes fewer than 9 minutes to bypass with brute force. With this option enabled, however, there’s no point in guessing past 10 tries, because the data is already gone.
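The numbers from the PIN section and the erase-after-failures limit can be put side by side. The following is an added example, not part of the original article: it counts the candidate codes an attacker faces (including the case where screen smudges reveal which keys are used) and the chance of a correct guess before a 10-attempt wipe. It assumes codes are chosen uniformly at random and that smudges reveal exactly the set of keys used; the function names and the sample digits are made up for illustration.

```python
from fractions import Fraction
from itertools import product


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of distinct codes of a given length over an alphabet."""
    return alphabet_size ** length


def pins_matching_smudges(smudged: str, length: int = 4) -> int:
    """Count PINs of `length` digits that use every smudged key at least once
    and no other key (assumption: smudges reveal exactly the set of keys)."""
    keys = set(smudged)
    return sum(1 for pin in product(keys, repeat=length) if set(pin) == keys)


def p_unlock_before_wipe(candidates: int, wipe_after: int) -> Fraction:
    """Chance that distinct guesses hit a uniformly chosen code before the
    erase-after-N-failures limit is reached."""
    return min(Fraction(1), Fraction(wipe_after, candidates))


def report(wipe_after: int = 10) -> dict:
    """Candidate count and success chance for each scenario (constructed inputs)."""
    cases = {
        "4-digit PIN": keyspace(10, 4),
        "4-digit PIN, 4 smudged keys": pins_matching_smudges("1379"),
        "4-digit PIN, 3 smudged keys": pins_matching_smudges("137"),
        "6-char passphrase (a-z, 0-9)": keyspace(36, 6),
    }
    return {name: (n, p_unlock_before_wipe(n, wipe_after))
            for name, n in cases.items()}


if __name__ == "__main__":
    for name, (n, p) in report().items():
        print(f"{name:30} {n:>13,} candidates  "
              f"P(unlock before wipe) = {float(p):.2e}")
```

The wipe limit alone does not rescue a smudged four-digit PIN, which is why the passphrase and the erase option work best together.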
Data Safety in 2018
Remember that physical security is always the first and most important line of defense for protecting mobile data. When traveling away from your home office, never let your phone leave your side, and keep it within line of sight, even when handled by customs or government officials.
This is especially important for international travelers, who are wise to create a secure cloud backup and wipe the device before leaving. Download everything again over a secure VPN once you’re set up at the new location, and eliminate the possibility of unscrupulous foreign or even domestic surveillance and unwanted access to company and personal data. With these protections in place, even the most determined hackers are likely to come away empty-handed.