10 Steps to Secure Your New Phone

During the holidays, it was estimated that more than 20 million Americans found themselves on the receiving end of a new mobile device!  What an exciting thought, considering that these new 2012 users are the equivalent to one-third of all smartphone users in 2010 alone.  Growing up, we learned the value of waiting at least a day before breaking a new toy the day we got it.  While you’re not likely to break one of these 20 million mobile devices the first day, the odds of it getting stolen or compromised due to weak security will increase as the holiday memories grow more distant.  Fortunately, there are some great “day one” precautions you can take and there is a new resource on the web to help guide you.

The FCC has launched a webpage called the Smartphone Security Checker.  The agency partnered with government and private groups to offer a brief yet succinct series of security steps that every mobile owner should follow – whether the device is your new gift or your tried and true workhorse of a phone.  If you think this is just another site that will talk about some device other than yours, you’ll be surprised to find that the Android, Apple, BlackBerry and Windows Phone are all covered individually – so really, what are you waiting for? Each device link is granular, but all have the same theme of the top ten important security steps you should take:

1. Set a phone password, including the SIM. Truly one of the easiest things to do, yet studies have shown only about half of mobile users do this.  For a good password (and what is not) for both, refer to this past blog post.

2. Don’t jailbreak. One of the surest ways to throw away a phone’s built-in security is to “root” or “jailbreak” your device.  This is a hacker’s game and not for the average user. The attempted benefits don’t outweigh the gain, not to mention the myriad of contract and warranty violations you will be performing.  In short, it’s not broken so don’t fix it.

3. Backup data. If your PC days haven’t taught you this already (or you’re too young to know what PC stands for), be sure to backup your data on a regular basis.  Gone is gone and today with the cloud and a host of other low-cost if not free options, this is easy to do.

4. Know where your apps come from. Free and cool apps are tempting, but knowing where they come from is important.  Stay on the “main road” and only get apps from trusted sources.

5. Understand permissions. This is not the easiest piece of advice for mobile security because for most of us when our phone asks us a question the answer is usually “yes.”  Years of clicking “OK” and agreeing to every license agreement under the sun without reading them has not created a very skeptical culture.  This varies from phone to phone, so educate yourself on what your applications are trying to do.

6. Install security apps that find your phone and can wipe it. Almost as easy as setting a password, these applications come in a variety of forms and many are free.  Make this the first application you download.  Much like insurance, you may never need it but you’ll be glad that you did.   As a side note, the earlier suggestion of putting a password on your SIM was mentioned.  This is critical because even when you wipe your phone, a thief can still use the SIM to make calls and receive messages.  A strong SIM password makes this impossible.

7. Accept updates and patches. Not contrary to the permissions advice above, but your application and phone operating system “call home” often enough to know when there is an update available.  While you may not see anything new and cool change on your phone, many of these updates add security where none was needed (or existed) before.  If you are worried about this affecting your data plan, wait until you are connected to a secure network and do the updates from there, you’ll be glad you did.

8. Beware the WiFi. Notice above the phrase “secure network” was used.  This is either your home network or your own MiFi.  Public WiFi networks used without encryption can be a dangerous place (we are not alone), so use a secure network or your own phone’s data plan as much as possible.

9. Wipe your phone data before saying goodbye. With the many new devices arriving this holiday season, you are likely getting rid of the old.  Remember that while it may have served you well, your phone did much more than make calls for you and in fact it probably recorded a lot of your history along the way.  It’s always a good practice to wipe the data off of laptops, thumb drives, external drives and clearly mobile devices before donating, selling or properly disposing of them.

10. Report a stolen phone. You may be thinking, “Wow, I’ve already backed it all up, set passwords, have a remote find and wipe application, now why do I need to report my phone stolen?”  A good question, so here’s the good answer.  This was an asset purchased by you (or as a gift to you), so why should a thief make it their own, even if they can’t see your data?  Contact your local law enforcement and register with your wireless provider that your device is lost or stolen.  This of course means that somewhere else – not your phone – you should have the relevant serial number information saved.  This will permit the providers to “brick” your phone, and that’s what it will be: about as useful as that holiday fruitcake that arrived yesterday.  Score one for the good guys.

If the 20 million new devices of this holiday season could be secured according to these ten steps from the FCC, can a happy new year be guaranteed?  Hard to say, but certainly by taking these precautions all mobile device users can safely enjoy a valuable technology in their lives.  Why wouldn’t you secure it?

About the Author:

John Ceraolo is the chief security officer at 3Cinteractive where he directs the organization’s enterprise risk management, business continuity, and information security. Ceraolo has been leading security initiatives within global organizations for over 20 years.