An ounce of prevention is worth a pound of cure. Taking basic steps to guard the security and privacy of the information on your device, can go a long way to avoid nasty surprises. This post provides some basic safety measures to strengthen the information security level for our growing number of 3CX Android and iOS app users. Use these tips to keep your data out of reach of malicious actors.
The instructions below depend on the device, model and OS version. For instance, security settings for some Android devices are under “Security”, while in others under a different label, e.g. “Security & Privacy”. For Apple devices, there are only some minor differences between iOS versions. We suggest you explore your device to locate the applicable option.
Secure That Access
Always use a complex but mnemonic unlock code or pattern to authorize access to your device:
- Android: Go to “Settings” > “Security” > “Lock screen password” and set a complex pattern or strong password that you can actually remember without having to write it down.
- iOS: Go to “Settings” > “Touch ID & Passcode”, tap on the “Turn Passcode On” option and follow the on-display instructions to set a passcode.
Tip: Check and wipe your phone’s screen to clear up telling smudges that could reveal your PIN or pattern.
Never Keep Unattended
This is a no brainer, as leaving your phone unattended especially in public places is asking for trouble. Better to keep your device safely out of sight when not in use and ensure that your phone screen locks quickly.
- Android: Enable the “Screen Lock” option in “Settings” and set a short delay (e.g. 30s) for the device to sleep and lock.
- iOS: The most secure option is to set the “Require Passcode” to “Immediately”. This requires the passcode to be entered, irrespective of when you last unlocked your phone.
Become the Key
Biometric security functions like fingerprint, iris or face recognition, are more convenient than entering passwords or patterns. If you have a device that supports such functions, you can simplify securing access to your info. To scan your fingertips to be recognized for unlocking your device:
- Android: Tap on “Manage fingerprints” or “Fingerprint ID” in “Settings” > “Security” > “Lock screen password”.
- iOS: Tap on “Add a fingerprint…” in “Settings” > “Touch ID & Passcode” to configure Touch ID.
Deny Apps from Unknown Sources
Installing or sideloading unverified apps can be the shortest path to a malware infection, that could take over your phone and your information. Install apps on your Android phone only from the official Google Play app store, as these are vetted and frequently revised for security and privacy issues. Also, go to “Settings” > “Security” and verify that the option for installing apps from “external/unknown sources” is disabled.
iOS is much more restrictive in this manner since to actually be able to install an app from an unknown source, you have to first “root” your iPhone – not recommended.
Use Disk Encryption
This really comes into play when your device is lost or stolen, so that your data cannot be easily recovered by anyone who has physical access to your phone. Since this is a device built-in function, you need to check your current device for compatibility or add it to your shopping feature checklist:
- Android: Choose phones with Android 7+, like Google’s Pixel, and the latest Galaxy from Samsung. These models have file-based AES (Advanced Encryption Standard) 256 bit encryption on by default. There are also devices like the Blackberry KEY2 that include full disk encryption with AES 128 bit.
- iOS: All Apple’s iOS devices have full-disk encryption and an extra encryption layer for the user’s keychain that stores the most sensitive information, e.g. passwords and credit card info.
Discard Untrusted Connections
If you need to connect to a public wireless network, make sure you disconnect when you’re done. If a network is not secure, it can be compromised and with it any devices that connect to it. Yes, that includes your phone.
Secure your Backups
Smartphones have come to contain our most important data, be it private or business-related. Taking backups of your phone’s data helps to recover from data loss or corruption, but can also present a vulnerability if they fall in the wrong hands. To mitigate this risk, it’s important you keep your backups secure and protected:
- Android: Starting with Android 9 (Pie), Google by default encrypts your device’s backed up data stored under your selected Gmail account. If you take custom device backups, ensure that they are encrypted and/or password-protected.
- iOS: In iTunes, set the “Encrypt iPhone Backup” option under the Backup settings for your device on the computer. You need to choose a new password for the iTunes backup before actually creating an encrypted backup. Note that iCloud backups are automatically encrypted.
Avoid the Poisoned Chalice
Be especially careful when receiving links and attachments from anyone. Check and verify these, as the sender may unwittingly or intentionally attempt to install malware, siphon private data, or expose you to other threats and scams. Some “popular” examples:
- “URGENT! Click this to check if your account was hacked: [https://clickme.kom/and/get/your/poison]“
- “Your account is now locked! Click this and enter your PIN to unlock it.“
Keep Your Phone Updated
Whatever their differences, both Google and Apple support their respective mobile platforms by providing security and stability updates.
- Android: Check and apply updates in “Settings” > “System” > “Software update” to upgrade to Android 7 or later. Note that earlier Android versions can be less secure and be more susceptible to security threats. Opt for devices from manufacturers that provide frequent security and stability updates to keep your device updated and protected.
- iOS: Verify and turn on automatic updates in “Settings” > “General” > “Software Update”. It’s better to upgrade to iOS 12 or even better, to 13. While 12 has adequate security and privacy features, iOS 13 introduces granular app location controls, Wi-Fi and Bluetooth tracking blocks and per-website permissions.