Phone Privacy: Securing and preventing unauthorised access to data

Phone Privacy: Securing and preventing unauthorised access to data

Mobile Phones are an integral part of our lives and contain significant bits of information that might post as security concerns. This brings us to the current online buzz on whether Michael Palmer or Laura Ong had lost their mobile phones and thus resulted in the sudden response for quick damage control.

Mobile phones contain a wealth of information, not just about the user but also potentially friends and family as well. A lost mobile phone can result in the compromise of confidential and personal information. The basic form of security is the passcode or lockscreen. Once passed that, most people do not bother with a second layer of encryption and if left uncontrolled, danger access points include emails, photos, and documents stored on the phone. The more we rely on our phones to transact our personal financial business, the more we’re all exposed to mobile security pitfalls: little-known threats to everything from your online banking password to your credit card details. There’s a lot of talk on 2-factor authentication but for those that used SMS as the second layer, well, it is compromised as it resides on the phone as well.

Improving Password / Passcode Security

First and foremost, set a password. Without a password, anyone within an arm’s length can swipe your phone and start reading your email, text messages or listen to your voicemail. Setting a password is the first line of defense, and only takes about 30 seconds.

Next up, set a more SECURE password. Just the basic 4 digit combination on an iPhone is not good enough and just introducing 1 number more for a password combination makes it significantly much harder to crack. This is the same for Android with their swipe pattern lock. Most people stick to the bare minimum and a few standard shapes. In contrast, a numerical passcode lock is harder to see.

For specific services like Google or Dropbox,2-factor verification is an option that could be enabled for even tighter security. This adds an additional layer to your security blanket so that access to your Google account and all its services requires your phone SIM card as well.

googletwofactor

Installing a Security Program

There are many programs out there that would help you get back your phone should you lose them. Typically, the programs will turn on your GPS, and report it’s location to you from a web-based interface. It can also take a photo of whoever is uses the phone and send it to you. If your phone is rooted, the program will be even harder to be detected and removed. It also allows you to erase all your data. I recommend Cerberus.

Saving of Passwords

While it might be apparent that one should not save or store passwords, remembering passwords become an issue with so many different website and services that require secure access. Therein lies the importance of a password manager such as LastPass (Free). LastPass resolve the password fatigue problem by centralising user password management in the cloud. So if you were to lose your phone, you could just change the single LastPass master password, kill all other sessions and this should be able to previous unauthorised access to your services. Still, as a large of our account information is stored at a very low system level, such as email, Google accounts etc, it would be good to reset those passwords once you have discovered that your phone is missing.

Taking Compromising Photos

Don’t take them! If you do need to take them, at least hide your data… which brings us to:

Encrypting your Data

Most phones don’t yet ship with built-in, system-level encryption for data stored to the memory card. There are 3rd party software options that allows you to secure specified files but it’s not very user friendly either. While it’s true that you can’t secure the entire card completely, you can encrypt certain files, or even entire folders—basically anything that you want to keep safe from prying eyes in the event that your phone becomes lost or stolen. These applications work by making an encrypted copy of the original, then requiring a PIN to open your encrypted files. The catch is that you’ll have to pick and choose what’s important enough to get encrypted, and what’s “normal” enough to be left alone. If you were to encrypt your entire pictures folder, for example, you’d no longer be able to view them in Android’s gallery app without decrypting them first, and that can get very tedious.

Checking for Spyware

Spyware might sound like something out of a detective story, but it’s much more like something out of a horror story if you end up with it on your phone. Without a password people can (and do) download spyware onto your phone and track your phone usage, text messages, location and banking activity, among other things, without your knowledge. In the Android Market or iTunes store, search for ‘mobile security,’ and download a free app that will stop you from inadvertently downloading viruses onto your device. Try avast! Besides being an anti-virus programme, it comes with anti-theft functions like cerberus as well (but not as comprehensive) .

Stay Wise

While the above are methods that could help secure your phone, they are all also not entirely foolproof. Always remember that Shit Happens and that your phone can get lost or stolen. So limit the extent of data that your phone keeps, no confidential stuff etc and you probably wouldn’t end up in the news.