As mobile devices continue to increase in popularity, many consumers use them as their primary means of communication. These hand-held devices, which are equipped with increasing amounts of processing power and data storage capability, are not only used for written and verbal communication, but also for taking high-definition photos and video, conducting financial transactions and transmitting health data. Therefore, ensuring this information is adequately protected is critical, but often overlooked.

How can you protect your mobile data and stay one step ahead of the hackers?
Start by enabling a pin or biometric screen lock. This lock will prevent a casual user from accessing the contents should you lose your phone. Apple iOS 9 now defaults to a six-digit pin instead of four digits. Adding two extra digits make guessing the pin much harder (i.e., 1,000,000 possible combinations versus 10,000 with a four digit pin). For additional security, you may also opt to use a longer alphanumeric pass phrase. Many new phones also give the option for biometric (fingerprint) authentication.  

Another crucial step is to ensure you are using full disk encryption. Consumers will sometimes confuse having a pin or password on their phone and encrypting their phone — they are not the same. While an encrypted phone requires a pin or password, it is possible to have a pin screen lock on an unencrypted phone. An unauthorized user may be able to access information stored on an unencrypted phone (plugging the phone into a computer with specialized software) without knowing the pin or password. Encrypting your phone and using a strong password prevents this type of attack. Apple recently began encrypting their software by default in iOS 8, and Android in 6.0 Marshmallow.

What about Wi-Fi?
Be careful using your mobile device in public Wi-Fi hotspots. While users may opt to use a public Wi-Fi hotspot to reduce data usage on their mobile plan, they should be aware public Wi-Fi is inherently insecure. If you choose to use such a connection, attempt to verify the hotspot is legitimate. Ask the owner of the business for the network name. Be mindful that it is trivial for a malicious user to create a wireless network with the exact same name, making it difficult to verify the authenticity. Next, use a virtual private network (VPN) to protect your data from an attack on this local network.

Keep your software up to date
Another area of importance is keeping your mobile device's software up to date. Both the phone's operating system and individual applications should be updated to reduce the risk of software vulnerability exploitation. On iOS devices, you should be automatically prompted when a new version of iOS is released. On most Android devices, users will need to wait for their wireless carrier to make updates available to them.

Both iPhone and Android have a "find my phone feature." Enable this feature to help find your device if it is lost. Both services will allow the owners to locate their device, play a sound on the device, and remotely lock and erase their device.

Learn more about CNA's Cyber Liability products or please contact a CNA representative to pinpoint your risk areas that are becoming more and more vulnerable in the context of today's emerging technologies.