How a cybersecurity expert protects his smartphone

How does a UAB cybersecurity expert protects his own smartphone? Here are the risks you need to know.

Smartphones are vulnerable, but a majority of people fail to protect their mobile devices.

Cybersecurity expert Ragib Hasan, Ph.D., director of the University of Alabama at Birmingham’s SECuRE and Trustworthy computing Lab (SECRET Lab), follows several simple steps to protect himself.

hands phone NYCU sAn assistant professor of Computer and Information Sciences, he says most people ignore the single best way to protect personal smartphones.

“Your smartphone is more vulnerable than any other electronic device,” Hasan said. “The simplest, most effective thing you can do is to set up a passcode, but people don’t usually want to bother with it.”

Hasan encourages users who do not lock their smartphones, which can be done easily in the phone’s settings, to consider the consequences of allowing access to bank accounts, sensitive work emails and personal pictures to fall into the hands of an unscrupulous stranger.

“If they have access just to your email, they can take control of your digital life completely,” Hasan said.

Other tips Hasan practices to keep his information safe include:

  • Never pay bills or do banking on phones using public Wi-Fi, because it makes you a prime target for cybercrime. Secured Wi-Fi at home is safer. “There is malware (malicious software) that can come from seemingly benign apps or fun games,” Hasan said. “They record the information you type in and send it to a criminal without your even knowing.”

  • Use landlines, never cellphones, for conversations about sensitive or private work-related matters.

  • Be on alert for “vishing,” or voice phishing. Criminals call masquerading as bank or credit card employees, saying they need a bank account or Social Security number. “People are used to getting phishing emails, and spam filters catch a lot of those; but with phones, there are no spam filters,” Hasan said. “Never share those details over your cellphone. Call the company’s customer service department on a main number. Calls can come from anywhere in the world, but look as though they are from the United States.”

  • Log out of email, Facebook and Twitter accounts, or set smartphone controls to time out. “If someone accesses your Facebook account, he or she can pretend to be you, set up fake accounts, and send things to all your friends,” Hasan said. “Criminals can do a lot of real harm.”

  • Watch for signs of unusual activity, especially on Androids, which are more susceptible to malware in the way PCs are. “If your phone is draining very quickly, for example, an app may be running in the background and spying on your phone,” Hasan said. “You may need to reset the phone or get help from your phone company.”

  • At businesses that accept mobile payments, never allow a clerk to take the smartphone out of sight.

  • Never put scanned digital copies of important documents, such as a driver’s license or passport, on a phone.

  • Install a remote phone-tracking and -wiping tool to track a lost phone and, if necessary, to delete private information remotely.

  • Do not allow a phone to automatically connect to insecure public Wi-Fi hotspots like those in coffee shops or airports.

  • Beware of browsing mobile sites. Criminals are setting up fake websites to resemble real ones of trusted entities. Since mobile views of websites often look different from regular company websites, many people do not suspect a problem. “They are so small on the screen that it’s hard to figure out,” Hasan said.

“Be sure to talk about these things with people in your life to help keep them safe,” Hasan said. “Even smart people fall victim to these scams. The criminals are getting smarter."