With so much personal data stored in today's smartphones, it is especially important to be proactive in protecting yourself and your information.
Malicious apps put your device and personal information at risk. You should treat your smartphone as you would your desktop. Apps remain the most common way your phone and data stored in it can be compromised, so be discerning and responsible with the apps you choose to download. While there is no fool-proof method for avoiding malicious apps, here are some tips to help keep your device and personal information safe.
- Be leery of paid apps being available for free from an outside website — App developers do occasionally discount the price of their app, but usually do so within the official app store. A free app offer on an outside website should be a red flag that the app is not legitimate and is probably malicious in nature.
- Knock–off apps may have a hidden motive — Once an app becomes a hit, it's almost guaranteed that imitation apps will flood the marketplace. Some of these apps are just trying to steal downloads from the hit app, but others may be trying to infect your device or steal personal information.
- Check the downloads and reviews — Use the additional feedback given by fellow consumers to see if an application is living up to the developer's intentions. An app with a lot of downloads, high ratings and positive reviews will usually indicate an app is meeting expectations. An app with fewer downloads, low ratings and complaints can signal a questionable app.
- Review permissions — Be aware of what parts of the phone you are giving the application access to and make sure you are comfortable with granting the access. If something doesn't seem right, don't download it. Your smartphone contains a lot of sensitive information; it's important to be proactive and protect that information.
- Use apps to evaluate your apps — There are a number of security applications out there to help you. Apps like NQ Mobile Security, Antivirus Security by AVG and Lookout Security & Antivirus scan applications for malware and viruses. Online Privacy Shield and Clueful apps are designed to help you evaluate permissions by identifying how applications are using your personal information and rates the potential risk as high, moderate or low.
The most common response to security breaches is "change your password." You may tire of hearing this and ignore the requests to do so, but a strong password that's changed regularly remains the best security measure. Follow these password tips:
- Create a strong password
- At least eight characters long
- Does not contain your user name, real name, or company name
- Is not simply one complete word or something obvious (birth date, phone number, company name, user name, or successive numbers such as 123456 or 000000)
- Is significantly different from previous passwords
- Contains characters from each of the following categories
- Uppercase letters
- Lowercase letters
- Symbols found on the keyboard (~ ! @ # $)
- Use a unique password whenever possible, especially for services that have access to sensitive information like bank accounts, shopping sites and email accounts. Using the same password across the board puts all of your accounts at risk if one service is compromised.
- Change your passwords on a regular basis. Passwords are often stolen without the knowledge of the victim, and stolen passwords often aren't used immediately. Even if you're not aware your password was stolen, if you change it periodically you may protect yourself before a thief has an opportunity to use it.
To protect private data on a device in the event that it is lost or stolen, Cellcom encourages customers to do the following:
- Lock handsets with a pass code to prevent access and use of the device.
- For smartphones, use a mobile security application. A number of applications have features to locate, lock or clear personal information from a missing cell phone.
- Back up photos, videos, contacts and emails that you would want if your phone ever went missing. Save them to your computer, a USB drive or cloud service.
In the event that your phone goes missing, Cellcom suggests the following action steps:
- Contact Cellcom's customer care immediately in the event that a device is lost or stolen. Customer care can suspend service to the phone to prevent use of existing service on the line and review options to temporarily or permanently replace the device.
- If you believe your phone has been stolen, contact the police to file a report. Cellcom works with local law enforcement officials on cases related to cell phone theft.
- Use your mobile security to lock, locate and erase the private data on your device. Remember that safety should be your number one priority, so please do not try to recover your phone on your own.
Your mobile device is subject to a wide array of scams through calls, text and emails. Being aware of what's true and what's not plays a large part in being a responsible citizen of the digital world. At Cellcom we're constantly monitoring for scams and will alert customers to widespread threats, but it's important to be cautious.
- Never give out your personal information to an incoming caller. This includes your social security number, credit card number, passwords or banking information. A legitimate business will not initiate a call and ask for this information.
- Don't trust the caller ID. Spoofing scams are commonplace and can make calls appear to be from a local, familiar number. If you don't know the number and are not expecting a call, it can be helpful to screen calls by letting them go to voicemail. If no voicemail is left, we advise to not call the number back as the owner of the number is not the one originating the phone call and the owner of the number will have no knowledge of the call.
- If you receive an "urgent" voicemail, text or call about an account, defer to the phone number on your statement to check your account status. Do not call the number that is in the message or provided by the caller. If you’re on a call and have suspicions, ask for a call back number and investigate further online before continuing the conversation.
- Learn to recognize the signs of telemarketing fraud. Telemarketers must provide the following information:
- Identify it as a sales call;
- The name of the seller;
- What are they selling (before they make the pitch).
If a caller doesn't give you this information, say, "no thanks," and get off the phone. Also, the law only allows telemarketers to call between 8 a.m. and 9 p.m. If you receive a call outside of these hours, it may be a red flag for telemarketing fraud.
- Register your phone number. To avoid telemarketers and potential scammers from calling, you can register your phone number on the National Do Not Call Registry by going to donotcall.gov.
- Limit exposure of your mobile phone number. Think carefully before posting your mobile phone number to a public website. Attackers can use software to collect mobile phone numbers from the web and then use those numbers to target attacks.
- Block phone numbers. If you continue to receive unwanted calls from a recurring phone number, consider blocking the number on your iPhone or Android.
- Do not follow links sent in suspicious email or text messages. Such links may lead to malicious websites.
- Do not open attachments that you are not expecting or from unknown sources. These attachments can contain harmful viruses.
- You can report phone scam attempts to the FCC. Remember, these scam attempts can affect all types of phone lines on any carrier. Scammers constantly find new ways to circumvent systems in place, so it's important to be alert to new and changing threats.
Consumers are increasingly using mobile phones for capabilities formerly available only on PCs. The bulk of mobile phone security relies on the user making intelligent, cautious choices. Even the most careful users can still fall victim to attacks on their mobile phones. However, following best practices from the US Department of Homeland Security for mobile phone security can reduce the likelihood or consequences of an attack.
- Configure the device to be more secure. Smartphones have a password feature that locks the device until the correct PIN or password is entered. Enable this feature, and choose a reasonably complex password. Enable encryption and remote wipe capabilities, if available.
- Configure web accounts to use secure connections. Accounts for certain websites can be configured to use secure, encrypted connections (look for "HTTPS" or "SSL" in account options pages). Enabling this feature deters attackers from eavesdropping on web sessions. Many popular mail and social networking sites include this option.
- Carefully consider what information you want stored on the device. Remember that with enough time, sophistication, and access to the device, any attacker could obtain your stored information.
- Disable interfaces that are not currently in use, such as Bluetooth, infrared, or Wi-Fi. Attackers can exploit vulnerabilities in software that use these interfaces.
- Set Bluetooth–enabled devices to non–discoverable. When in discoverable mode, your Bluetooth-enabled devices are visible to other nearby devices, which may alert an attacker or infected device to target you. When in non-discoverable mode, your Bluetooth-enabled devices are invisible to other unauthenticated devices.
- Avoid joining unknown Wi-Fi networks and using public Wi-Fi hotspots. Attackers can create phony Wi-Fi hotspots designed to attack mobile phones and may patrol public Wi-Fi networks for unsecured devices. Also, enable encryption on your home Wi-Fi network.
- Delete all information stored in a device prior to discarding it. Check the website of the device's manufacturer for information about securely deleting data. Cellcom will also assist you to securely wipe your device before it is traded in or recycled.
- Use third-party services for encryption on your PC. If you wish to encrypt phone data when it is backed-up to your PC, use third-party software.
- Download mobile security applications. Utilize applications available from app stores for anti-virus protection, app assessment and remote wiping capabilities.
Today's kids are using wireless at early ages to do everything from keeping connected with family and friends to using applications for education and safety to entertainment. With technology so ingrained in everyday life, it is more important than ever to educate yourself and talk to your kids about being safe.
- Educate yourself — Parents are the first line of defense and the best resource in protecting kids from the dangers of cyberspace, so it's important that you educate yourself. Know how your kids use wireless devices; ask what apps and features they're using on their phone. If you need to learn to use your own device better, ask your favorite Cellcom associate.
- Set rules — Laying groundwork for when and how kids can use their phone can help them make better decisions. Set clear limits in regards to where they are allowed to go on the Internet, who they may have contact with, and what information they can share. Sharing personal information like name, school, location and age should be strongly discouraged because information posted is a lot more public and permanent than it seems.
- Check settings — Review the settings on a child's smartphone and social profiles to see what information is being shared publicly. Know that location settings can be turned off on all smartphones and most social networks have privacy controls that should be used.
- Monitor — Built-in features like Restrictions for iPhone® and apps like My Mobile Watch Dog for Android™ allow parents to monitor Internet use, restrict app downloads, define usage times and more. These features and applications are great ways to reinforce rules that are already set.
- On iPhones, parents should visit "Restrictions" menu on their child's phone. This allows a parent to create a pass code on their child's device and set restrictions on the use of the Internet, camera, app downloads and more. You can also block specific websites, apps that might not be age-appropriate and access to location information.
- On Android devices, apps like my Mobile Watch Dog similarly block applications, limit websites and control the times that phones can be used, and let you monitor SMS and picture messages.
- These features and applications are ways to reinforce rules that are already set. It's important to have discussions with your children to make sure they know what's right and wrong and know what you may be blocking or watching and why.
- Talk about it — It's important to have discussions with your children to make sure they know what's right and wrong and know what you may be blocking or watching and why. Keep the lines of communication open and let your child know they can come to you if they see something inappropriate online.
- Remind, remind, remind — It's very easy to get caught up in the moment. Sharing is often an instantaneous reaction, so remind your child to make an effort to stop and think before posting. They should never share anything that could hurt or embarrass themselves or others. Remember once something is shared, it is out of their control whether someone else will forward it.
Wi-Fi hotspots in public places are convenient, but often not secure. If you connect to a Wi-Fi network and send information through websites or mobile apps, it has potential to be accessed by someone else.
Encryption is the key to keeping your personal information secure online. Encryption scrambles the information you send over the internet into a code so it's not accessible to others. When you're using wireless networks, it's best to send personal information only if it's encrypted, either by an encrypted website or a secure Wi-Fi network. An encrypted website protects only the information you send to and from that site. A secure wireless network encrypts all the information you send using that network.
The Federal Trade Commission offers these tips to protect your information when using public Wi-Fi:
- When using a hotspot, log in or send personal information only to websites you know are fully encrypted. To determine if a website is encrypted, look for https at the start of the web address (the "s" is for secure). Look for https on every page you visit, not just when you sign in. If you think you're logged in to an encrypted site but find yourself on an unencrypted page, log out right away.
- Unlike websites, mobile apps don't have a visible indicator like https. Researchers have found that many mobile apps don't encrypt information properly, so it's a bad idea to use certain types of mobile apps on unsecured Wi-Fi. If you plan to use a mobile app to conduct sensitive transactions — like filing your taxes, shopping with a credit card, or accessing your bank account — use a secure wireless network or your phone's data network. If you must use an unsecured wireless network for transactions, use the company's mobile website rather than the company's mobile app, so you can check for the https at the start of the web address.
- Don't stay permanently signed in to accounts. When you've finished using an account, log out.
- Do not use the same password on different websites. It could give someone who gains access to one of your accounts access to many of your accounts.
- Many web browsers alert users who try to visit fraudulent websites or download malicious programs. Pay attention to these warnings, and keep your browser and security software up-to-date.
- Consider changing the settings on your mobile device so it doesn't automatically connect to nearby Wi-Fi. That way, you have more control over when and how your device uses public Wi-Fi. Once you are all done with your web browsing, make sure to log off any services you were signed into. Then, tell your device to forget the network.
- If you regularly access online accounts through Wi-Fi hotspots, use a virtual private network (VPN). VPNs encrypt traffic between your computer and the internet, even on unsecured networks. You can get a personal VPN account from a VPN service provider. In addition, some organizations create VPNs to provide secure, remote access for their employees. VPN options are also available for mobile devices and can encrypt information you send through mobile apps.
- Some Wi-Fi networks use encryption: WEP and WPA are common, but they might not protect you against all hacking programs. WPA2 is the strongest.
Source: Federal Trade Commission
Geotagging is a feature on smartphones that allows the user to add geographical location data to photos, video, tweets or social media status updates. Automatic geotagging can occur on smartphones either because it is enabled by default on the device or the user was asked about enabling this option and then forgot about it. As result, you may share more information than intended about your location when you snap photos with your smartphone and post them online. Geotagging can be a fun and useful feature when you want to interact with specific friends or to tag photos to show where they were taken.
Protecting your privacy
- Geotagging has the potential for misuse. If the GPS option is always on, others can watch your geotags over time to determine where you live, where you work, or observe your routine movements. This could make it easier for a burglary to occur when you are away from home or for predators to track your children.
- When you do not want to publicly disclose your location, consider taking the precaution of turning off the location on your phone to protect yourself and your private information.
- Review application permissions to determine if an application uses your location. If it unnecessarily asks for permission to use your location, you may want to consider not downloading it or disabling the location services for the app.
- We encourage parents to take a look at the settings on their children's phones, too, to help keep them safe.
- To completely disable GPS location finding for all applications, go to Menu>Settings>Location & Security. Uncheck 'use wireless networks' and 'use GPS satellites'.
- To disable GPS for only the camera application, start the camera application and in that menu select 'location' and select 'off'.
- Go to Settings>Privacy>Location Services. From this menu you can either turn off all services that use the GPS with one tap or choose which apps can use your location.