As Cybersecurity Awareness month comes to an end, Javelin encourages everyone to recognize the cyberrisks related to mobile devices. Most people have a reasonable awareness of good security safeguards for their computer – use antimalware regularly, avoid dodgy websites, and don’t respond to that grammatically torturous email from a Nigerian prince – he probably doesn’t actually have your best interests at heart. There is still a long way to go in many areas, especially around password habits, but the trajectory is headed in the right direction. The same cannot be said for our smartphones and tablets. With mobile devices now ubiquitous, they are rapidly becoming the keys to their owner’s financial lives. From my smartphone, I can access all my online accounts (email, banking, and social networking, to name a few), make payments in stores and online, send money to friends, even open new banking accounts. More than that, for the security-conscious, smartphones act as additional safeguards against financial loss through one-time passwords and alerts. Despite pouring more and more value into their mobile devices, few take appropriate precautions to prevent compromise. Here are a few steps consumers should take to make sure that their smartphones and tablets stay firmly under their control.
- Apply a screen lock: With so much personal information available on our mobile devices, it is unwise to leave them open for anyone to access. Unfortunately, only half of smartphone owners use even a rudimentary lock screen. A simple password, pattern, or fingerprint lock creates a significant barrier to any miscreant who tries to access your data. Most mobile devices will allow you to set additional security features such as automatically wiping the phone after a number of incorrect password attempts.
- Keep a clean device: Just like your computer, your mobile device is susceptible to malware. Keeping a clean phone requires many of the same habits as keeping a clean computer – avoid unsafe websites, do not open email attachments or links from unknown senders, and keep clear of applications from unknown publishers with few reviews. Additionally, many good antimalware solutions are available for mobile devices, to provide additional protection against compromise. Just four in ten smartphone owners use mobile antimalware software, leaving a lot of room for improvement.
- Activate remote wipe capabilities: In the event that someone does steal your smartphone, remote wipe programs can make it impossible for them to access your information even if they know or guess your password. iPhone users have these features automatically built into their iCloud account and Android users should take advantage of Google’s Android Device Manager.
With so much room for improvement in consumer mobile security habits, what are necessary steps for financial institutions (FIs) and issuers looking to deliver products and services to consumers’ mobile devices? As mobile threats grow more sophisticated by the day, FIs and issuers should be taking every opportunity to regularly educate consumers as to best practices. They should also harden their applications against reverse engineering and implement stronger mobile authentication. No one party can ensure that mobile devices are as safe and secure as they can be – it takes cooperation and shared responsibility. Over the coming months Javelin is going to focus heavily on securing mobile devices and the transactions they facilitate. Join us as we explore ways to mitigate the mobile-oriented cybercrimes that affect consumers, businesses, and their financial service providers.