We use our mobile device and its installed apps every day. The apps we download make it easy for us to do everyday things like check our mail, tap onto the tram/train/bus, update our Instagram story, pay for coffee, track our calories and now even to track our property settlement (shameless plug of PEXA Key). All conveniently completed on our way in to work.
With all this private information available at the touch of a button, keeping our phones and chosen apps secure has become increasingly important.
Here are some handy tips to assist you in doing so.
1. Download from official stores
Cybercriminals are known to create rogue mobile apps that mimic trusted brands in order to obtain users’ confidential information. To avoid these types of scams, always download new apps from the official app stores, check the publisher is from the official supplier e.g. Property Exchange Australia Ltd) and when the app was last updated. For example, PEXA Key is available exclusively on the Google Play Store and Apple App store.
2. Use device security
All smart phones have multiple methods of authentication available. We advise you to:
- Not leave your phone unlocked. Make sure your phone is set to auto lock within 30-60 seconds of inactivity; and
- Use at least one of the authentication methods available to unlock your device e.g. facial recognition etc.
If using a pin code to access your phone, do not use the same pin for your apps or write them down on a piece of paper. Try using a password manager app to store, keep track of and generate new passwords and pin codes.
3. Call your provider
If you lose or misplace your phone, call your provider to ensure your SIM is deactivated to protect your phone and the apps on it from potential criminals. This is good advice for your clients who use PEXA Key. It is also important that they remember to notify you in the unlikely event that they lose their phone.
4. Anti-virus on your phone
Your hand-held device is no different to your laptop or PC and is similarly susceptible to scams such as phishing. Consider installing anti-virus software onto your mobile device.
Nice list...
May I suggest that the CBA Signals August 19 recommended Zero trust policy as read... (https://www.commbank.com.au/business/support/security/signals.htm)
might extend to include...
- Disable Near Field Communication (NFC) (tap and pay-as-you-go apps often use this) and Bluetooth when not in use,
- Do not allow kids to play with your phone,
- Do NOT trust ANY WiFi (easy to imitate even a known node -unless you know the connection is secure ie WPS button connection established your-self)
- use a VPN if unsure.
- if you must email private details, use secure email/portal where possible.
- Use secure portals like BankVault and its invisible keyboard for banking and online payment sessions (although PEXA signing is not yet available).
- Challenge callers/communication to authenticate and verify who they really are. Suggest establishing client/liaison passwords.
- Inform the community colleagues and industry of attempts -especially if unique or convincing.
- RoboCall (automated/recorded voice call), or Wangiri (literally, "One-(ring)-and-cut") from Japan where it originated. - ring-once-attempts to entice the receiver to call back, they then obtain further details on the receiver-now-caller &/or charge exorbitant $/time.
- Don't trust SMS either, they are able to be ploned (phone-cloned) and web-services versions of SMS are often sent via similar methods as insecure email.
- Don't trust apps without querying the permissions, Ask the question for each listed permission, Does this app really need access to this, to do that?
- Have a reliable backup of your Data.
