Secure Your Data on Your Mobile Device

Mobile health apps provide access to your confidential information and medical history. Moreover, mobile devices have become very common in health care settings. Although having the convenience of having everything in your hands, it can introduce additional risk concerns, which can leave you exposed to attacks that can cost money, identities, time, and reputation. Securing your device can help prevent that from happening.

On this page, you can learn how to protect your mobile.

Enable a lock screen and password

Enabling a lock screen and password on your mobile is one of the best ways of keeping your mobile secure should it fall into the wrong hands. This means that, anytime you try to access your mobile, you’ll need to enter a password (or do something similar, like scan your face or fingerprint) to access it.

Another advantage of this feature is that it allows you to enable your mobile to lock automatically after a certain point. If you leave your mobile on (say at a table at a coffee shop) cyber criminals won’t be able to easily access it – it will just lock automatically.

It’s also important to be vigilant when using your mobile in public places. Never leave your mobile unattended. Cyber criminals could easily access it to gain whatever information they need about you.

Be aware of your surroundings

Do not perform sensitive tasks in public areas, such as restaurants, coffee shops or public transportation, where there is opportunity for strangers to shoulder surf (that is, see over your shoulder) or eavesdrop (that is, listen to the conversation).

Create strong passwords

Passwords help protect your personal information from potential online threats. And the stronger they are, the more secure your information will be. The latest recommendation is to use passphrases, as they are longer yet easier to remember than a password of random, mixed characters. When possible, create a passphrase: a combination of four or more random words, and a minimum of 15 characters. You should never use personal information (like a pet’s name) that could be easily guessed or found on social media.

If a passphrase isn’t an option, complex passwords that are unique to every account and device can also make it more difficult for cyber criminals to access your accounts and devices. Unique passwords are an important step to protect all of your accounts in the event of a breach. Plus, you can always try a password manager if you’re having trouble remembering multiple passwords. If available, enable biometric authentication like fingerprint or face recognition.

Use multi-factor authentication (MFA)

After creating a strong password or passphrase and storing it in your password manager, it’s time to add an extra layer of security to your accounts. Multi-factor authentication (MFA) does this by requiring an additional step to verify your identity beyond your password or passphrase. This might look like a code sent to your phone or email address, a thumbprint, facial recognition, or even a token.

Do not share your mobile with others

Your mobile stores personal and confidential information. As such, you should not share your device with any parties that would not otherwise be authorized to view the data.

Never “jailbreak” or “root” your device

These are terms for overriding software and security protections on your device. Doing so, leaves the device vulnerable to attacks.

Be wary of free Wi-Fi

Cybercriminals can intercept communications (for example, read/listen/see the information you’re accessing) on free Wi-Fi networks, common to restaurants, hotels, airports.

You can reduce your risk by using a trusted Virtual Private Network (VPN) and avoiding using public Wi-Fi for sensitive transactions.

Delete emails, images, documents and other content when no longer needed

In case of a mobile device theft or loss, these items will be potentially accessible to anyone capable of bypassing the device’s security mechanism. To prevent unauthorized disclosure of sensitive information, mobile devices should not be used to store personal or private information.

Keep your apps and mobile up to date

In order to take advantage of the latest security features, enable automatic Operating System (OS) and software updates. Ensure that the updates are received from legitimate sources (for example, Google Play or Apple App Store).

Be aware of Phishing

One of the most common threats to your information and device is phishing – fraudulent emails, texts, social media messages, banners and even phone calls.

These messages often ask you to log in somewhere, verify an account with information only you know, or threaten you. They might even try to convince you to download malware. Cyber criminals will say anything to convince you that they are a legitimate company or person to get you to release your personal data to them or to download their malware. Reputable companies will not ask you to disclose personal information via an email or text message.

Also be wary of links in email and text messages, attachments, and QR codes, that can take you to fake sites to steal your personal information or infect your device with malware when clicked, opened or scanned.

When in doubt, contact the person/company by another way of communication. For example, if you received a suspicious email, call the person, and use the number you have or got from their official website not the one mentioned in the email or message.

Watch out for untrustworthy apps

Avoid downloading apps developed by companies that provide little to no information about their organization. A reputable company should provide contact details, a website address, or email information. Only download apps from trusted sources, like the App Store or Google Play.

Before installing an app, make sure to review the permissions. Use your common sense to check if its functionality lines up with the permissions it’s requesting. When possible, only enable the permissions you’re comfortable with.

Disable Bluetooth and NFC when not in use

These can be exploited for unauthorized access if left on unnecessarily.

Enable remote wiping

If your phone is lost or stolen, you’ll be able to wipe all of its data remotely. Deleting the data will prevent strangers from accessing it.

Encrypt your device

If it’s not already the default, consider encrypting the data on your device. Encryption can help reduce information theft by making your data unreadable in case your mobile is lost or stolen.

Report loss or theft of your mobile device immediately!

If you have lost your mobile device, report it immediately to your organization.