It’s been an unprecedented year in many ways, and that applies to the cybersecurity industry too. Not only are we as a society dealing with an ongoing global pandemic, working from home, job losses, natural disasters, social injustices and an election year, we’re also seeing a significant rise in sophisticated cyberthreats and scams directly related to these events.
The Federal Trade Commission has received more than 257,000 reports related to COVID-19 and the stimulus, totaling over $190 million in fraud loss. And recently, the FTC reported continued surges in scams originating on social media. According to the announcement, “the number of complaints about scams that started on social media more than tripled in the last year. People reported losing more than $117 million to this type of scam in just the first six months of 2020 compared to $134 million for all of 2019, according to the FTC’s latest Consumer Protection Data Spotlight.”
With a large part of social media and internet activity occurring on mobile devices, and with sophisticated, event-driven cyberthreats and scams on the rise, it’s more important than ever to protect yourself as much as you can from cybersecurity attacks. Here are some tips worth heeding and sharing with your support teams and clients.
Only download applications from trusted sources. Downloading applications from outside reputable sources can increase your security risk. Official application repositories (like those of Apple or Google) continuously monitor for fraudulent or compromised applications and work to ensure the apps they do offer are properly vetted for legitimacy.
Turn off geo-tracking location features. It may be convenient when you’re ordering for pick-up, but whenever you enable location tracking services on your phone or in an app, you allow dozens of data-gathering companies to collect detailed geolocation data about you, which they then sell to advertisers. Although the information is anonymized, it can reveal your real-time movements with disturbing accuracy — successfully tracking your position to within a few yards. By cross-referencing a map of your activity with information about you garnered from a simple search, people with bad intentions can access a wealth of data about every element of your daily life.
Do not allow access to your contacts. Allowing applications access to our personal and professional contacts can not only create potential privacy issues, but can also assist cybercriminals with creating more credible attacks or even generating more potential targets.
Enable automatic session log-out. If possible, set your apps to log you out automatically after a certain period of time. If the app doesn’t have that capability, make a point of fully logging out of the application once you are done using it.
Do not use social media sites to log in to other accounts. Social media sites often do not enforce the latest password-creation best practices, which can lead to the use of weak and outdated passwords. As a result, cybercriminals may target social media sites in search of your outdated account information. If other accounts are linked through the targeted social media account, this provides an opportunity for a cybercriminal to access other potentially more important accounts.
Do not auto-save your credentials within applications. Acquiring your username and password is a major goal of cybercriminals, so saving your username or password can bring a threat actor one step closer to compromising your account.
Be mindful of the content and information that you post on all applications. You may be OK sharing information with friends and family, but recognize that cybercriminals may also be looking at the information you share. For example, photos you post online typically include geotags, which can let others know your location or contain information that would help a cybercriminal easily guess the answers to common security questions.
Consider reviewing the applications downloaded on your devices on a quarterly basis. Decide if an application is something you still use. If not, it may be best to delete the application, especially if you are not applying application updates on a regular basis. Best practices for deleting your accounts can vary by application.
OTHER TIPS FOR MOBILE DEVICES
• Update your mobile device’s operating system in a timely manner when a new version is available. Ensuring your device is updated helps protect your data from being exploited by a vulnerability or an unsafe application.
• Enforce auto-lock timeouts of two minutes or shorter on your device. This is a simple way to reduce the risk of an easy win for cybercriminals looking to steal your device.
• Protect your devices with biometric features like facial or fingerprint recognition, and create strong passcodes. Consider opting for an alphanumeric passcode (an option typically found in passcode settings) for increased security.
• Enable multifactor authentication on your accounts wherever possible.
• If your mobile device is no longer compatible with the latest updates, consider purchasing a newer device.
Andy Zolper is senior vice president, chief information security officer and head of technology infrastructure at Raymond James.