Have you ever popped onto a public Wi-Fi to catch up on email, check a social feed or view the latest sales report? Are you sure the connection was private?
Unsecure public Wi-Fi networks are one of many common risks to mobile phone users—and by extension, their employers—as scammers target smartphones in a variety of crafty ways. Not knowing the rules of the mobile security road can lead to compromises that bring financial losses.
Here’s a look at the top concerns, plus tips on how you and your company can protect sensitive information when mobile phones are involved.
Device Ownership Dictates Security and Privacy Settings
The rise of mobile devices has ushered in a complicated situation for individuals and their employers due to the commingling of personal and business data. You look at a vacation photo one minute, a confidential memo the next.
Nearly half (45%) of companies said they experienced mobile-related compromises during the previous 12 months, according to Verizon’s 2022 Mobile Security Index. The share of businesses saying they got hit was almost double the figure found in the 2021 survey.
Some companies provide “work only” phones for their employees or executives. This means they set the rules, which may include using mobile device management (MDM) apps. These give the company full control of the security measures in place, enabling it to change settings and require lock screens and passcodes.
However, most companies use a bring-your-own-device (BYOD) strategy where the employee foots the bill for the phone and service. BYOD policies protect employee privacy but expose the business to more risk because it’s tougher to enforce stringent security controls. After all, few employees would be willing to let their employer install remote management software on their personal devices.
8 Steps To Protect Yourself and Your Company
In either scenario, it’s important to evaluate the risks to mobile devices and how to head off the kinds of problems I see in my role as senior fellow for threat research at Fortra.
1. Keep Your Phone’s Operating System Updated
This is critical. The latest version of your operating system contains important security fixes as well as new features. Companies that use MDM solutions will typically enforce this updating, but it’s a best practice regardless.
2. Use the Lock Screen
Some people figure they’re mostly around highly trusted family, friends or co-workers and don’t want the bother of a passcode to use their phone. But if your device is stolen, you’ll lose more than just the hardware; your photos, emails, texts, account credentials and personal details will be at risk.
Also remember that if you have a smartwatch hooked up to your phone, it likely has an easier password—or none at all. It would be unlikely for a thief to access both your watch and your smartphone, but it’s something to consider. Biometrics like face recognition or fingerprint scans can help you avoid the annoyance of constantly retyping long passwords.
3. Set Up Remote-Wipe Capabilities
You can configure the phone to erase all data if someone enters an incorrect passcode too many times, or wipe it remotely if it is stolen. Enable cloud backups so that, if your phone is targeted by a hacker or thief, you can restore your data on a new device instead of starting over from square one. Also remember to wipe your device before donating or selling it.
4. Enable Your Phone’s Tracking Feature
Many people use Apple’s “Find My” app and similar features to keep tabs on their kids, but the technology also can help you act quickly to shut things down if your phone is stolen.
5. Use Extra Security on Public Wi-Fi
Public Wi-Fi networks offer scammers an easy way to hack into your phone and capture login credentials, especially if you’re accessing your bank account. Fraudsters can easily set up a Wi-Fi hotspot near you, with a name that sounds legit, to eavesdrop on the connection. Whenever public Wi-Fi is in play, use a VPN, or turn Wi-Fi off and use your carrier’s data connection directly.
6. Stick to Trusted Sources for Apps
Download apps only from your phone’s designated app store. It’s easy for a scammer to reskin a banking app, advertise it on an off-brand free app store and skim the credentials of anyone trying to log into their account. Flashlight apps made news several years ago because they were secretly sucking up users’ personal data and location details.
7. Watch for ‘Smishing’ Dangers
Phishing campaigns delivered via text, aka smishing, leverage social engineering to create a connection with you. Con artists will try to lure you to log into fake apps or strike up a conversation that can lead to “pig butchering” schemes that steal your money. The age-old advice we give kids not to talk to strangers serves us all well in this digital world.
8. Be Extra Careful When Traveling to an Adversarial Country
Your job may make you a target of cybercriminals. If your phone ever leaves your sight—maybe a customs agent takes it for a while—there’s a good chance it will be returned to you containing spyware or tracking hardware.
If possible, leave your regular phone at home, or back it up to the cloud and restore the device to factory condition with a bare minimum of apps. When you return from your international trip, restore the backup.
Other General Reminders To Avoid Mobile Scams
For individuals: Maintain an awareness of security and remember that the information you share verbally in public places could make you vulnerable to a scam. Curate what’s on your phone with safety and necessity in mind. If your phone is stolen, report it to the police and your wireless carrier so it can be rendered unusable (that is, bricked).
For companies: Organizations are wise to include mobile security topics as part of their employee training. Locking down access and controlling permissions to sensitive data is also key. Finally, be aware that anyone in your office—including visitors and employees—could be recording conversations or snapping pictures of information on whiteboards or documents on desks.