There are at least five things you should know about mobile security for your business IT and technology.
Your mobile phone probably has an option to use face ID for authentication. You can use it to unlock your phone, open financial apps, use credit card programs, and access a variety of different websites.
1. How Face Recognition Really Works
One important thing to know is that the face ID or recognition runs on the phone itself. And once your face is recognized, the username and password that you’ve already stored is transmitted to the website.
In other words, your face isn’t what authenticates access to your Bank of America account. The program on your phone identifies your face and links to a stored username and password that's stored on the phone.
With that in mind, when you're using face ID to access financial data on your phone, don’t connect to a coffee shop or hotel WiFi network. Those public networks can be spoofed, and you could transmit your username and password in such a way that a bad actor could capture it.
Face ID is one of the things that we take for granted because it's so easy and convenient, but keep in mind that you need to be connected to a secure network when using it.
2. Keep Your Device on Secure Networks for Mobile Security
What does it mean to use your device on a secure network? Practically, it means avoiding public WiFi on your phone, laptop, tablet — really any of your mobile devices.
Again, you can't guarantee that a public WiFi network isn’t being spoofed. Somebody could be transmitting that WiFi signal in a way that’s easy to intercept, and in that case, you're not connecting to the real WiFi connection.
This happens a lot in hotel lobbies, coffee shops, restaurants, and places of that nature. It's very easy for somebody to drop a clandestine device somewhere in the area and broadcast the same ID as the real network.
Generally speaking, don’t put your phone on a WiFi network unless you absolutely know that that WiFi is secure.
3. Keep Your Device Locked
Keep your device locked. Make sure that you're using a username and password or your face ID to lock your phone.
Also, set your phones so that multiple attempts with a bad password will wipe your phone. You should have your phone backed up anyway with iCloud or with Google.
Lots of data is stored directly on your phone. Usernames and passwords are stored in the phone and the key chain, your email is stored on your phone.
There's so much data on your phone that it’s important to keep it locked. You need to keep it protected because it's so easy to walk away and leave it laying someplace. And by the time you realize and come back, it's gone.
Also, enable the "Find my Phone" function so that you can geotrack your phone if it is lost. That also gives you the ability to wipe it.
4. Protect Your Device’s Health with Updates & Maintenance
Also, you should only install apps that you need and trust.
There are people who have hundreds of apps loaded on their phone that they don’t use. And those apps are taking up memory and space on your phone, and they could be leaking your information. It's a good idea to only load the apps you need, and apps you can trust. Also, go through your device regularly and delete apps that you don’t use anymore.
Also, don't jailbreak or root your device.
If you don’t haven’t heard that phrase before, jailbreaking your phone or rooting your device means that you unlock it so you can move it to another carrier.
It can also unlock the device’s security so that you can install software that hasn't been properly vetted through the app store. Ordinarily, your phone is protected and can only download apps from an app store. Those apps have been properly vetted and tested to be safe.
We highly recommend not unlocking your device this way.
Also, update your operating system and apps regularly. When that update comes up and it says an update is available, run it. It's not gonna break your phone. The update might change some features or make an app look a little bit different, but there are usually a tremendous number of security fixes that come along with those changes.
To update your apps, go into “update” on your phone and look for applications that need to be updated. Keep them up to date, because the same principles apply. Updates add features, but they also add important security patches.
5. Work with a Proven Mobile Security & Cybersecurity Partner
Finally, an easy way to stay safe is to sign up for our weekly cybersecurity tips. It's a short weekly email with valuable information on a variety of different topics to keep yourself safe.
Another way to stay safe is by partnering with CyberTrust. We have strict mobile security and cybersecurity standards for our business and for our clients.
We carry cybersecurity insurance that allows our insurance carrier to extend coverage to our clients as long as they work with us. They understand how we manage our security and that we will manage client security in the same way. That allows our insurance company to extend coverage to companies that work with us.
We provide business owners with peace of mind because you know that CyberTrust has your back from a cybersecurity standpoint.
Cybersecurity Audit Protection for Small Businesses
The requirements for cybersecurity for small businesses are getting more strict every year. And it can be nearly impossible for some companies to do what they need to do to get through a cybersecurity audit. And that means it’s tough to get a policy issued without a company like CyberTrust IT Solutions making sure that the network is secure.
Also, our clients' customers are having to go through the same level of scrutiny to get their cyber insurance. And then the insurance company is asking about their clients that are touching their data. These requirements are cascading down to all sorts of organizations.
We've had clients in jeopardy of losing their largest client because they can't get through a cybersecurity audit imposed by the client's insurance company. So it's incredibly important that you work with somebody who understands all these concerns and can cover the bases so that you'll be approved.
I'm Doug Johnson, CEO of CyberTrust IT Solutions. Thank you for joining me today as we discuss the five things you should know.