October is Cybersecurity Awareness Month and being aware of all your devices is as important as ever before. Most people are online every day, which opens themselves up to a threat of being hacked. Whether it be a mobile device, laptop or personal computer, everyone needs to have cyber awareness.
Steven Weldon, director of the Cyber Institute at Augusta University’s School of Computer and Cyber Sciences said many straightforward things that can be done to protect devices, such as having lock screens, making sure operating systems are up to date and simply recognizing how, when and where devices are being used.
“Smartphones today are probably the most capable computing device that we have, and we have it on us all the time,” said Weldon.
“The data that can be extracted from these devices can be put together to build a pattern of life on us: where we go, what we do and when we do it. All of this data is potentially at risk if we’re not being careful about who gets access to our smartphones. That’s a great reason to lock the screen and require at least a password or pin to unlock the phone.”
Gokila Dorai, PhD, assistant professor in the School of Computer and Cyber Sciences, suggests using biometrics to enhance security.
“I would strongly recommend for women, young adults, even teenagers, if it’s possible for you to have biometrics as a way to unlock your device, then go for that. These unique ways of unlocking a device would add a layer of protection,” said Dorai.
Dorai is one of the growing experts in the field of mobile forensics and her research projects are federally funded. In addition, several SCCS faculty are mentoring undergraduate and graduate students working on cutting-edge research related to mobile device security and digital forensics.
She also suggested adding two-factor authentication or multi-factor authentication to create an extra layer of security.
When out in public, it’s easy to connect a mobile device to an unprotected Wi-Fi network — but doing so could open up sites you visit to a hacker. Weldon suggests people should be careful of what apps are used when on public Wi-Fi, since they may expose a lot of personally identifiable information. His suggestion is to use a virtual private network to help protect data that’s being transmitted and received.
“We should recognize the data on our smartphones and protect them accordingly,” added Weldon. “Recognizing the value and sensitivity of the data on our smartphones can guide us in how we protect these devices. We may not think as much about the security and privacy of our smartphones as we do about our laptops and desktops. When we think about everything we use our smartphones for, how ubiquitous they are in our lives, we come to realize just how central they are to today’s lifestyle in the digital age.”
It’s tough to identify when a mobile device has been hijacked, so both Weldon and Dorai suggest paying close attention to any unusual behavior, even small things such as a battery draining faster than usual. Both are indicators you may need to take corrective actions.
Dorai added the government can do more to protect a person’s privacy.
“With the introduction of more and more Internet of Things devices in the market, with several different manufacturers, there’s a lot of user data that’s actually getting exchanged. These days, the most valuable thing in the world is data. So stricter measures are required,” she said.
She indicated it needs to be a collaborative effort between industry, academia, government and practitioners to come together and work on ideas to strengthen security.
“Yes, we want security. We are willing to put up with a little bit of friction for additional security. We want it easy and we generally want it free,” said Weldon. “We don’t read licensing agreements, but we would generally be willing to take certain actions, make certain tradeoffs, to be more secure.”
One other major concern are apps in general. While Google Play Store and Apple routinely remove some apps that may be out of date or have security vulnerabilities, they may still be running on a user’s device.
“Mobile applications may also hide from you in plain sight in the sense the app icons may not be showing up on the screen, but still they are running in the background,” added Dorai.
In essence, the device user is the first line of defense. Taking all the necessary steps to prevent a third party from getting your information is of the utmost importance in the digital age.
“I believe a big part of it this discussion is about user awareness. We want that free app but that app is asking for a lot of permissions. There’s an old saying in cybersecurity: ‘If you are not paying for the product, you are the product.’ There’s also another saying: ‘If it’s smart, it’s vulnerable,’” said Weldon.