Steps to Protect your Mobile Device

Minimum Basic Configurations to protect your mobile device.

What are some basics, which cost nothing, to protect your personal health information on mobile devices?

Physical mobile threats

Smart phones and tablets carry a significant portion of our digital identities. Defending against casual attempts to get at personal data on a smart phone (as opposed to attempts by law enforcement, sophisticated criminals, or state actors) is fairly straightforward.

First, if you're not at home, you should always lock your device before you put it down, no exceptions. Your phone should be locked with the most secure method you're comfortable with—as long as it's not a 4-digit PIN, which isn't exactly useless but is definitely adjacent to uselessness. For better security, use a password or a passcode that's at least six characters long—and preferably longer. If you're using facial recognition or a fingerprint unlock on your phone, this shouldn't be too inconvenient.

Second, set your device to require a password immediately after it’s been locked. Delays mean someone who snatches your phone can get to your data if they bring up the screen in time. Additionally, make sure your device is set to erase its contents after 10 bad password attempts at maximum. This is especially important if you haven't set a longer passcode.

Also, regularly back up your phone. The safest way to back up data if you’re concerned about privacy is an encrypted backup to your personal computer; however, most iOS device owners can back up their data to iCloud with confidence that it is end-to-end encrypted (as long as they have iOS 13 or later). Your mileage will vary with different Android implementations and backup apps.

Along the same lines, make sure you have installed the most recent version of the phone OS available to prevent someone from taking advantage of known security bypasses.

Other mobile threats

Physical security is only one aspect of security. There are other areas to address, including software and network threats.

For instance, apps (and the devices themselves) can be used to track device owners in disconcerting ways, despite their manufacturers’ countermeasures—and those apps can leak information accidentally (or purposefully) over local wireless networks, the cellular network, or Bluetooth.

Side-loaded apps can also lead to security issues. Never side-load an app from an untrusted source or allow an iOS app that requires a “profile” to be installed on your device if the app isn't one you've created or one provided to you by your employer’s mobile device management (MDM) platform. (For privacy purposes, you should avoid MDM altogether on a personal device, unless you’re using it to lock down your kids’ devices.) There are several “fake app” scams that involve tricking people via social engineering into going to websites that resemble app stores, and these schemes almost always end in the loss of thousands of dollars and massive privacy exposure.

To mitigate such vulnerabilities via apps, regularly review the permissions that applications request from the device. Some apps want to collect location data even when they’re not in use (hello, Uber!), and not every app developer has a sterling data privacy history. Avoid apps with sketchy permission asks, and deny anything that seems like overreach—like when Facebook Messenger asks to be your SMS client and then logs all your phone calls to your Facebook account so it can find “friends” for you more efficiently. (Also, for the love of God, don't use Facebook Messenger.) And if there are apps that you don't use, delete them. Apple’s iOS does this if it’s so configured, but only if the apps are not running in the background.

Besides issues that arise from questionable app behavior, mobile devices can be vulnerable through normal functions like Wi-Fi or Bluetooth. Consider turning off Wi-Fi when you’re away from home. Your device may otherwise be constantly polling for the network SSIDs in its history to reconnect automatically or to connect to anything that looks like a carrier’s Wi-Fi network. When this happens, your device gives away information about networks you’ve seen and might allow a hostile network access point to connect. Also, your phone's Wi-Fi MAC address could be used to fingerprint your device and track it. (Apple randomizes the MAC address of its iOS devices’ Wi-Fi adapters while scanning for networks—but if your home Wi-Fi network’s name is particularly memorable, that may not matter.) When your phone tells you to turn on Wi-Fi to improve location accuracy, ignore it.

The same goes for Bluetooth. If your device has Bluetooth turned on, it’s broadcasting information that could identify it—and you. (I have demonstrated this to journalism classes by calling out students' names that I picked out from the default names of their iPhones.)

Along those same lines, name your device anything other than [Your Name]’s iPhone. Your phone's network name is broadcast all around you, and it's like holding up a beacon saying "Hello, my name is..."

Personal computers (and web browsers)

  • The operating system is not up to date or patched with the latest security releases
  • Usually, malware gets in because it was installed by the computer user, either accidentally or deliberately. I don’t mean that users intentionally install malware but rather that they click on something they think is legitimate and give it whatever permissions it asks for.
  • Sometimes the malware is in a malicious web advertisement—either served up by a marginally funded website or something that sneaked into legitimate ad networks. An older or misconfigured web browser is typically involved in these cases.
  • A router, server, or other device with an Internet-facing connection is compromised because it has a vulnerability that had not been patched. A large percentage of targeted ransomware attacks use recently patched infrastructure and server application vulnerabilities to get a foothold.
  • A remote access application is poorly secured or had a known bug.
  • In very rare cases, someone gets physical access to the PC and is able to install something bad—or steal the machine outright. Theft of notebook PCs is a real risk while you’re traveling, and if your computer is in sleep mode and doesn’t have strong on-wake login protection, your data could easily be exposed to anyone who lifts the lid.

An easy way to minimize threats to your PC, first and foremost, is to run the most recent, fully updated version of the operating system of your choice. When an update is pending, stop what you're doing and install it immediately. Yes, this can often be inconvenient. Welcome to the modern world of malware.

All modern operating systems have a built-in firewall, and it should be turned on, no exceptions.

In the event that your physical device is compromised, you can minimize damage by caring for your actual data. To prevent all types of data loss, back up your data—in encrypted form and offline (either locally or in the cloud) so that ransomware doesn’t get the backups, too. Keep multiple backups just in case, because if your latest backup contains the compromised or encrypted files, it's useless.

Make sure your antivirus protection is up to date and enabled. This is especially important on Windows, which is the operating system targeted by the majority of threats.

Just as a solid unlock password on a phone prevents data theft, enabling password or PIN protection for sleep mode does the same on your notebook computer. When traveling in high-risk areas like airports, power down your computer when it’s not in use so that the risk of someone playing “Evil Maid” or surreptitiously gaining access in some other physical way is reduced.

Wi-Fi access points and routers that support firmware or software updates add another layer to the security of your devices while web browsing.

Much of this information was sourced from an article by Sean Gallagher, October 2021:

https://arstechnica.com/features/2021/10/securing-your-digital-life-part-1/?utm_source=pocket-newtab
