Even though mobile devices – such as smartphones, tablets, and laptops – offer a range of conveniences, users should be mindful of potential threats and vulnerabilities while using them.
On November 20th, 2018 United States Computer Emergency Readiness Team (US-CERT) published cyber-security tips for electronic devices that we would like to share with you.
Why does cyber-security extend beyond computers?
Actually, the issue is not that cyber-security extends beyond computers; it is that computers extend beyond traditional laptops and desktops. Many electronic devices are computers—from cell phones and tablets to video games and car navigation systems. While computers provide increased features and functionality, they also introduce new risks. Attackers may be able to take advantage of these technological advancements to target devices previously considered "safe." For example, an attacker may be able to infect your cell phone with a virus, steal your phone or wireless service, or access the data on your device. Not only do these activities have implications for your personal information, but they could also have serious consequences if you store corporate information on the device.
What types of electronics are vulnerable?
Any piece of electronic equipment that uses some kind of computerized component is vulnerable to software imperfections and vulnerabilities. The risks increase if the device is connected to the internet or a network that an attacker may be able to access. Remember that a wireless connection also introduces these risks. The outside connection provides a way for an attacker to send information to or extract information from your
device.
device.
How can you protect yourself?
- Remember physical security – Having physical access to a device makes it easier for an attacker to extract or corrupt information. Do not leave your device unattended in public or easily accessible areas.
- Keep software up to date – If the vendor releases updates for the software operating your device, install them as soon as possible. Installing them will prevent attackers from being able to take advantage of known problems or vulnerabilities.
- Use strong passwords – Choose devices that allow you to protect your information with passwords. Select passwords that will be difficult for thieves to guess, and use different passwords for different programs and devices. Do not choose options that allow your computer to remember your passwords.
- Disable remote connectivity – Some mobile devices are equipped with wireless technologies, such as Bluetooth, that can be used to connect to other devices or computers. You should disable these features when they are not in use.
- Encrypt files – If you are storing personal or corporate information, see if your device offers the option to encrypt the files. By encrypting files, you ensure that unauthorized people can't view data even if they can physically access it. When you use encryption, it is important to remember your passwords and passphrases; if you forget or lose them, you may lose your data.
- Be cautious of public Wi-Fi networks – Follow these recommendations when connecting to any public wireless hotspot—like on an airplane or in an airport, hotel, train/bus station or café:
- Confirm the name of the network and exact login procedures with appropriate staff to ensure that the network is legitimate.
- Do not conduct sensitive activities, such as online shopping, banking, or sensitive work, using a public wireless network.
- Only use sites that begin with “https://” when online shopping or banking. Using your mobile network connection is generally more secure than using a public wireless network.
FDIC Security Tips
FDIC also issued some suggestions to help you be safe and secure as you use mobile banking and payment products and services:
Be proactive in how you protect the data on your mobile devices. Start by using "strong" passwords and PINs.
Avoid using an unsecured Wi-Fi network, often found in public places, such as coffee shops, because fraudsters might be able to access the information you are transmitting or viewing. Log out of your bank account or mobile app when it's not in use. Just like with your laptop, use mobile security/anti-virus software and keep it updated.
Take additional precautions in case your device is misplaced, lost, or stolen. Set the screen on your mobile phone to lock after a certain amount of time and use a PIN or password and/or a biometric indicator (for example, a fingerprint or facial recognition) to unlock your mobile phone. Likewise, use PINs or other security features enabled on your smartwatch, such as one that will lock the watch if it is not on your wrist or too far from your mobile phone. Don't store your PINs or passwords on your mobile phone or tape them to the underside of your smartwatch or mobile phone.
Consider signing up for transaction alerts from your credit card, bank and mobile app provider. These messages can help you identify unauthorized activity quickly. Alternatively, check your transactions regularly on your cards, bank account and mobile app website.
Research any mobile app before downloading and using it. Make sure you are comfortable that the mobile app is from a reputable source. Going to the bank's or company's website to find directions for downloading their app can help to ensure you are downloading a legitimate app.
Be on guard against fraudulent emails or text messages. These communications typically appear to be from a government agency or a legitimate business in order to trick you into divulging valuable personal information (including your birthday, Social Security number, passwords and PIN numbers) that can be used to commit identity theft. The emails and texts could also ask you to click on a link that will install malicious software on your mobile phone and enable the fraudster to gain access to your mobile banking apps.
"To protect yourself, never provide passwords, credit or debit card information, Social Security numbers and similar personal information in response to an unsolicited text message or email," said Michael Benardo, manager of the FDIC's Cyber Fraud and Financial Crimes Section. "If you have any questions regarding the legitimacy of an email or a text, call your bank or mobile app provider, or the business or government agency that claims to have sent the email or text, and be sure to use a phone number you have looked up on your own and not what is in the email or text in question."
Note: These messages are often called "phishing" emails and "smishing" text messages. Phishing is a term given to fraudulent emails "fishing" for valuable personal information, and "smishing" is a variation of that when referring to "Short Message Service" or "SMS" text messages. "Security experts for years have warned consumers about smishing scams, but as more people have smartphones, smishing is becoming more common," Benardo said.
To download Endeavor Bank's Mobile Application:
Visit the Google Play store or Apple store to download the Endeavor Mobile Banking Application.