Securing your business tools

Back

Remember: Treat your phone like your wallet. Keep it safe and with you at all times. 

What can happen if your mobile device is lost or stolen? 

  • It may be used to access your money or steal your identity using information stored on your device. 
  • You may lose irreplaceable data like photos, notes or messages (if it is not backed up). 
  • Your social media accounts may be accessed, which can enable a cybercriminal to steal your identity using your profile information (such as your date of birth and photo). 
  • A cybercriminal may use your phone/tablet or its SIM card to rack up telephone charges to your account. 
  • You may have to cover the cost of a new device, while still paying off the lost or stolen one.

Use the following advice to make your mobile phone or tablet more secure: 

  • Set a password, Personal Identification Number (PIN), passcode, gesture or fingerprint that must be entered to unlock the device. Don’t forget to put PINs on your SIM card and voicemail, and ensure your device is set to automatically lock. 

  • Install reputable security software that includes antivirus and anti-theft/loss protection – your device’s retailer or service provider can provide recommendations. Only install applications from the official device application store and do not ‘jailbreak’ your device. 

  • Use your device’s automatic update feature to install new application and operating system updates as soon as they are available. 

  • Set the device to require a password before applications are installed. This will prevent unauthorised modifications to the device. Parental controls could also be used for this purpose. 

  • Leave Bluetooth turned off or in undiscoverable mode (hidden) when you are not using it. 

  • Ensure your device does not automatically connect to new networks without your confirmation. 

  • Record the International Mobile Equipment Identifier (IMEI) of your handset. Your IMEI is a 15 or 17 digit number often printed on a label under the battery or found in the settings under general information about your device. If your device is lost or stolen, report this number to your provider and they can stop the handset from being used. 

  • Enable the remote locking and/or wiping functions, if your device supports them.

The information stored on your phone is valuable, take these steps to help protect it: 

  • Back up your data regularly, either with a backup application or by manually syncing the device with a computer. 

  • Do not save passwords or PINs as contacts on your phone or tablet.  

  • Enable device encryption to protect personal data stored on the device where possible. 

  • Check the privacy permissions carefully when installing new apps on your device and only install apps from reputable vendors. Where you can, make apps or profiles private and password-protected.  Learn more about protecting yourself from mobile malware. 

  • Ensure you thoroughly remove personal data from the device before selling or recycling it.

You also need to be careful about where you use your phone – both online and off: 

  • Use public Wi-Fi networks wisely – for example, don’t do your online banking using these networks. Learn how to protect yourself when using public Wi-Fi. 

  • Don’t use chargers supplied by third parties or charge electronic devices at public charging stations or USB charging outlets. Only use genuine chargers supplied with electronic devices.

  • When connecting using Bluetooth, do it in private areas only. 

  • Use reputable sites and applications when downloading anything from the internet. 

  • Log out of websites when you are finished.  

  • Turn off location services when you are not using them and limit the applications that can track and use this information. 

  • Think before you click. Do not open links or attachments unless you are expecting them and you trust the source. If in doubt, hovering over links often allows you to see the destination URL and you can decide if you recognise the website or email address – although URL shortening can make this difficult.

It’s easy for information sent using public Wi-Fi access to be intercepted, so you need to be careful about what information you send or receive while connected.

Your internet connection is a way for you to interact with the outside world, but it also provides a channel into your computer. If your internet connection isn’t secure someone may use it to steal your personal or financial information for malicious purposes.

Public Wi-Fi ‘hotspots’ in places like cafés, airports, hotels and libraries are convenient, but they can be risky.

Tip: Avoid sending or receiving valuable or sensitive information when connected to public Wi-Fi networks.

Remember: If you don’t take steps to protect your internet connection and network, they could be used illegally and without your knowledge.

Use this guidance to learn how to use public Wi-Fi networks safely.

Computer security professionals refer to these steps as ‘hardening’ measures and they do just that—they make your software, your devices, your network and the connections between them harder to access and more resilient to attack.

Routers and modems 

A router is a small electronic box that creates a network for the devices in your home. A modem connects that network to the internet. Many internet providers offer a combined router/modem unit that performs both these functions in one device, and here we refer to the device simply as a router. 

Setting up your router

  1. Ensure the network password provided by the ISP or router manufacturer is hard to guess, and if not change it to something more secure.

  1. Some manufacturers’ administrator passwords to access the settings for routers are publicly available online, so in this case it’s imperative you change the password on your device. Where possible, also change the default administrator username (typically ‘admin’ or ‘administrator’) to something hard to guess. 

  1. Ensure remote management is disabled. Remote management on your modem or router can allow you to make changes to your internet connection, including passwords by logging into your device via the internet. By disabling this function, you are protected from unauthorised people remotely accessing your router and tampering with it.  

  1. Consider enabling the ‘guest’ Wi-Fi feature on your network for visitors that may need access. This way you don’t need to share your actual Wi-Fi password with them and you can cycle the guest Wi-Fi password as needed without having to reset all your wireless devices in your house. 

In many cases it is straightforward for a cybercriminal to determine the make and model of the device you are using, and then access your router. 

Use the strongest encryption protocol 

Because wireless networks don’t need a wire between a computer and the internet connection, it is possible for anyone within range to intercept the signal if it is unprotected. 

This means you need to use the strongest encryption protocol provided by your router, which is currently WPA2. You should be able to check this by looking at the device settings. The WPA2 protocol was introduced in 2006, so routers purchased on or before this date will not give you the option of selecting it. 

Manufacturers often classify old devices as ‘legacy’ models and no longer develop firmware upgrades for them, and this can leave you exposed to known security flaws. 

If that’s the case, you should consider replacing your router. 

Not using the strongest encryption protocol increases the chances of your internet communications being intercepted by cybercriminals. 

Make sure your router uses the latest ‘firmware’ available 

Firmware is the software embedded into your router that determines the functions it can perform. Just like new software updates for your computer, new firmware for your router will provide improved features and address any security vulnerabilities. 

To find out which version of firmware is installed on your router, some have a button you can click to automatically check if a more recent version is available. If not, you can log in to the device and check its settings. Then if you go to the manufacturer’s website, it will tell you if there’s a more recent version of firmware for your device and allow you to download it. 

Be careful when you do this. Make sure you follow the instructions in your device’s manual and select the correct firmware upgrade version for your model of router, because a failed update can render your device unusable and disconnect all your computing devices from the internet. 

If you don’t feel confident to update your firmware, you could get in touch with a reputable computer technician. You could also think about replacing your router. 

Upgrading to a current router model will offer you significant benefits such as additional features and configuration options, and most importantly, faster data transfer speeds.

Wherever you can, avoid using hotspots that are run by people or organisations you don’t know or trust.

Criminals have been known to set up Wi-Fi hotspots in order to steal users’ banking credentials, account passwords, and other valuable information. 

  • Confirm the ‘official’ hotspot name from venue staff and manually connect your device to it. Don’t let your device automatically connect to the first hotspot in its list.
  • Turn off network discovery options like “Remember networks this device has joined.”
  • Turn off file sharing. If you have file sharing turned on and you connect to a public Wi-Fi hotspot, your files could be accessed by others using the same hotspot.
  • Install a reputable virtual private network (VPN) solution on your device. When enabled and configured correctly, a VPN is a service that uses encryption to keep your information secure when using public Wi-Fi, as well as providing a level of anonymity. That said, a VPN doesn’t secure your devices or online accounts, so it’s important that you still keep them up to date with the latest security software updates, and always use strong passwords. Also consider the following when selecting a VPN service provider:
    • Look at independent reviews online. You’ll often find honest reviews from other users, so research the app on reputable blogs, websites or trusted sources that are not the app’s own website. You can also find out more about the app’s description, its content rating and the developer, and whether an app only encrypts some of your data, not all of it.
    • Where the company is based. Make sure you select a VPN provider that is based in a country with strong privacy laws. This reduces the possibility that data collected by your VPN will be shared with others.
    • VPN apps may provide your personal information to third parties. Many VPN apps are funded by advertising (which appears within the app) giving consumers the option to download the apps for free. In exchange, VPN apps may share your information with third parties. If you use a VPN app to keep your internet activity private, make sure you review its terms and conditions and privacy policy, to see if it shares information with third parties.
    • Consider the app permissions. Apps will ask for access to certain information on your device to help improve how it operates for you. For example, the app may request permission to read your text messages or access your photos. These permissions will be outlined and explained on the app store or during installation. Generally, a VPN application should not require access to your personal data.

Don’t do your online banking or shopping, send confidential emails or enter your passwords or credit card details on public Wi-Fi. Wait until you’re using a secure home, office of mobile connection.

When you are using websites while on public Wi-Fi, make sure the websites are secure. Always look for a https (‘s’ stands for secure) in the website address and a padlock on the web browser.

Always remember to disconnect from the hotspot after you have finishing using. it. 

But remember, no public Wi-Fi is 100% secure, so consider using your own mobile data for any sensitive transactions.

When accessing the internet at a public Wi-Fi location, you should take extra precautions.

  • Ensure your phone, tablet or laptop has a reputable anti-virus installed.
  • Keep software patched and up-to-date with the latest release version, to ensure that any identified security holes have been closed.
  • Set-up two-factor or multi-factor authentication wherever possible. Online systems such as banks, Google Mail and Facebook offer this option for transactions or when logging into accounts. This way, a malicious hacker can’t log in without also having access to your phone or SMS inbox, even if they know your username and its associated password.

An update is a new, improved or safer version of a software.​

All your personal or business devices including your phone, tablet, computer or laptop use software to run. Software includes:

  • Operating systems like Windows, Android and macOS

  • Apps on your phone

  • Games on your console

  • Your anti-virus, your browser or word processors at work.

Many software providers release these free updates for their products, to correct security concerns and improve functionality.

An automatic update is a default or ‘set and forget’ feature that updates your software as soon as an update is available.​

Safer. Faster. Better.​

Cybercriminals, malicious programs and viruses can find weaknesses in your software (called vulnerabilities) to access your device. Software providers release updates for their products to correct security concerns and improve functions. Installing regular updates fixes these vulnerabilities to improve your protection and your business’s protection from loss of money, data and identity.

Installing software updates as soon as they become available limits the amount of time cybercriminals have to find and use these weaknesses.

Updates also provide enhanced features and efficiencies for programs and apps.