Smartphones have become so powerful and easy to use that advisors and their clients are increasingly taking advantage of the capabilities these devices offer. In fact, as of mid-2014, smartphone usage had surpassed that of traditional computers. However, the rising popularity of mobile devices comes with increased risks — particularly as it relates to security.
Hackers, crackers, criminals and other “black hats” attracted by the increased use of smartphones and tablets are now targeting users, who face growing vulnerabilities. These range from leakage of data such as phone numbers, access codes, text messages and other private information, to ransomware, which is software that encrypts your data without your consent and asks you for money to recover it. These risks are ubiquitous, as all major mobile brands have suffered from security breaches — and their number is growing.
For example Kaspersky Lab, an Internet security software provider, detected more than 1.5 million malicious installation packages on mobile devices during the third quarter of 2015, a 50% jump compared with the previous quarter. During the same period, the number of mobile banking Trojans, which are malicious programs that appear to be useful but target users’ money and bank cards, that were detected increased fourfold.
Hackers use these techniques, because they know that most mobile users are lax about integrating core security principles. Joe Q. Public simply doesn’t know the real value of the data he carries in his pocket and doesn’t see himself as a target. Advisors can’t afford that luxury.
Information that may appear to have little or no apparent value could represent a gold mine for a “black hat.” Even if an individual is not the direct target of an attack, his device could be hijacked to perform one against someone else. I strongly believe that advisors have a crucial stake in keeping their mobile devices secure because of the type of client data they work with which, for the most part, contain personally identifiable information. Such data are actually governed by federal and provincial laws and not properly protecting the data could thus potentially have legal consequences.
During the course of my career, including my time spent at the Montreal Exchange, I have found that teaching investment professionals the best practices on how to secure their information assets has been a continuous task. Following are some best practices that advisors should adopt to protect crucial data typically found on smartphones:
Lock your screen. Whether through use of a password, PIN number, fingerprint recognition, or other security measure, protect your mobile device so others can’t simply pick it up, open it and browse its contents — as well as possibly change some settings. If you use a password, make it complicated and use a large combination of letters, numbers and other characters.
Don’t install untrusted software. Although some mobile devices make it hard to install “cracked software,” which could potentially harm your smartphone or tablet, you can never be sure if a “black hat” has hidden “little extras” that remove an application’s protection. A good precaution is to only use apps that several people in your circle of trusted contacts have recommended.
Clean your mobile device before discarding it. Every mobile operating system (OS) offers the option of performing a factory reset. Before recycling or giving an old mobile device away (don’t throw it in the garbage; Mother Nature won’t like it), erase your data using that function. You’ll minimize the chances of someone recovering it and causing trouble.
Encrypt your data. The two major providers of mobile OSes offer data encryption options, so take advantage of them. If you do, even if a black hat who plugs your device into a computer won’t be able to read its content without unlocking it. This security precaution is particularly useful when combined with a locked screen.
Even though one or more of these security precautions could — eventually — be circumvented, they are a good start. Applying these measures will help advisors go a long way toward keeping personal data and applications safe.
For more on this topic, see: Cyber Smarts: Protecting your business from cyberthreats