2017

Your device, your privacy: the who, what and the how of mobile privacy

Lest we forget, digital secrecy does not exist. We may not realize it, but we are kept on a close electronic leash and tracked, followed, observed and monitored on a very large scale, and we actively participate in this through our use of mobile phones.

Before you write me off as some paranoid cyber security lawyer, be aware that your personal data, behaviour, tastes and relationships form the basis of the economic models adopted by free app providers, which makes your information even more lucrative. With an attention span shorter than a goldfish’s, we don’t bother going through the End User License Agreements; it’s just a pain.

So you go about your normal day sending business and personal e-mails, downloading apps, or updating your social media status, and a little pop-up appears that has nothing to do with what you’re actually doing. Then it dawns on you. You may have seen this product page before. A simple search you did in the past has come searching back for you.

Accessing user information both for legitimate and malicious purposes is no longer uncommon in the digital age, where you do just about everything using a mobile device. But can breaching one’s privacy be stopped? What should you do to protect your privacy from mobile threats like this?

Who

The right to mobile privacy

We all have the right to privacy. But this right is easily violated whenever someone tries to access our personal information on any platform without our consent or any lawful reason. A breach could range from a friend spying on your social media account to marketing agencies deliberately studying the types of websites you visit and barraging your inbox with unsolicited alerts or offers.

With everything going mobile these days, it’s not surprising that some, if not most, of us often disregard the value of privacy. Sometimes we ourselves enable ‘data leaks’ by failing to log out of sites, leaving cybercriminals more than happy to take advantage of our oversight.

In social media alone, over-sharing has become a springboard for more severe types of cybercrime like identity theft, with the creation of a number of malicious apps engineered to steal sensitive user data.

What

Your device settings

Your default device settings serve as suggestions you can use to increase protection. By familiarizing yourself with these settings and modifying them to suit your mobile needs, you can be assured that no one has easy access to your mobile device. Getting familiar with these settings could gain you more security.

Visiting malicious sites and drive-by downloads

Symantec security defines a malicious website as a site that attempts to install malware (a general term for anything that will disrupt computer operation, gather your personal information or, in a worst-case scenario, gain total access to your machine) onto your device. Malicious websites often look like legitimate websites and sometimes ask you to install software that your device appears to need.

Drive-by downloads are malware that can be installed on your device simply by looking at an email, browsing a website or clicking on a pop-up window with text designed to mislead you, such as a false error message.

So don’t open that email or click on that pop-up message if you think it is malicious; guys, there’s no swimsuit model in Russia who thinks you’re hot – trust me.

Your mobile behaviour 

Owning a mobile device gives you the freedom to access the online world more frequently. But does it change your behaviour when it comes to security? This freedom often makes mobile users more vulnerable to threats through mobile activities like social networking, shopping and banking.

Cybercriminals are stepping up the production of threats that affect social networking sites, online stores, and even banks—and they won’t just stop at creating apps that could easily be mistaken for legitimate ones.

Why – money is the driving force

Mobile devices have impressively centralized one’s online activities. But at the same time, they have opened doors to vulnerabilities exploited by cybercriminals driven by one agenda: money.

Kenyan cybercrime firm Serianu estimates that Kenya lost more than KES 17 billion to hackers in 2016. Not only did the number grow, the sophistication and capabilities associated with these threats grew as well. Cybercriminals are always on the lookout to steal information stored in smartphones and tablets that can be used for profit.

How

They’re called free apps for a reason

It is so easy to get lost in the number of free apps you can download these days. One click and you can enjoy the game everyone is talking about or that app that filters your photos to the stone age. But remember that there’s always a trade-off. If they don’t charge you for using their app, chances are they could be earning by reselling your personal information. How about that!

Device loss or theft

No matter how careful you are with what you store on your mobile device, once it gets lost or stolen, you have little to no control over what happens to the sensitive files or data you have on it.

End-User License Agreements (EULAs)

You know that little checkbox you click that says you’ve read the terms of the agreement? That’s what online service developers use to look out for themselves. These agreements are called EULAs, and the terms they ask you to agree to are terms they can change at any time, with or without notice. Before saying yes to these EULAs, you should read up and familiarize yourself with what’s stipulated. You may end up allowing them to sell your photos, track your online activities or hand over information to authorities without your knowledge.

Bring Your Own Device (BYOD)

Employers are now turning the tide with regard to personal devices for work-related activities. Companies are now investing in their own devices and top-of-the-range anti-virus software to curb the menace associated with BYOD. But if your organization allows you to BYOD, be wary, since even a company’s IT policy could mean giving your IT department access to your personal files and information.

Anyone could fall victim to cybercriminals trying to breach their privacy. But there are still steps you can take to prevent this.

General Checklist:

  • Configure your device’s privacy and browser settings to control the amount of information it shares.
  • Activate screen locks and passwords to minimize chances of hacking and change passwords every three months for security.
  • Refrain from storing compromising files (photos and videos) you’re not comfortable with on your device.
  • Clear your mobile browser cache regularly to avoid data leakage and information-stealing malware. Constantly monitor your app and account settings to make sure sharing and connectivity are secure. For the less tech savvy, I would recommend the Clean Master app. A few clicks and you’re safe.

Get rid of apps you don’t use

  • Download only from trusted sources like the developer’s website or from Google Play. Remove apps not in use.
  • Always check the app’s permissions to ensure that it doesn’t perform functions outside of its intended use.
  • Use your mobile browsers’ private browsing settings, especially for sensitive transactions like online banking.

Device Loss or Theft Readiness

  • Take note of your account credentials or make use of a convenient password manager, so that you are ready when the need to reset them arises.
  • Back up files with irreplaceable information in the cloud.
  • Prepare to contact the authorities, your service provider, and any concerned organization to avoid the malicious use of your identity and to block bill charges.
  • Sign up for a reliable remote service that allows you to find, lock or wipe your device when you need to.

Check your BYOD Agreements

  • Are you required to produce personal devices for forensic analysis?
  • Does this apply to devices shared with other family members?
  • Who can access personal information stored in your device?
  • Can your company track your location? Is this a requirement? Do they have notifications if the need for this arises? Under what circumstances?
  • Are your personal online activities monitored? Are these systems active outside regular work hours?
  • Is this information retained when you leave the company?
