Ir para conteúdo

Aim: Ensuring the safer use of smartphones

 

How?

  1.  Activate your smartphone's lock mechanisms using a PIN or other authentication feature;
  2.  Use a VPN whenever you connect to public Wi-Fi or choose to use data to access the internet in places without home or work Wi-Fi;
  3.  Avoid having your smartphone's Bluetooth and location turned on unnecessarily;
  4.  Keep your system and applications up to date;
  5.  Be careful with the applications you install opt for those provided by recognised platforms; check that user and expert reviews are positive; limit application access to only those functionalities essential to their operation;
  6.  Opt for your smartphone's security and privacy settings and more restricted apps;
  7.  Do not click on links sent via suspicious SMS;
  8.  Do not answer calls from numbers identified as fraud or about which you are suspicious;
  9.  Whenever someone calls you on behalf of a service asking for personal details, or asking you to make a bank transfer, or suggesting that you install something on your computing device, make sure that you are talking to someone trustworthy by checking with other sources and questioning the veracity of what is being asked


What goes right when you act right

•    Protects your personal and professional data and the multitude of accesses to platforms that your smartphone allows.


Why care
 

The smartphone has become a core object for the use of cyberspace, insofar as it is a device that is not just a mobile phone, but an authentic pocket computer where multiple functionalities can be found. This importance is not always accompanied by a corresponding concern for cybersecurity. For example, a smartphone that has no locking and authentication mechanism leaves all stored files, such as photos and documents, and installed applications, such as email, online banking or social networks, exposed to third parties.

As a mobile object, the smartphone accompanies the life of each individual very closely, storing traces of daily life like few other devices: the shared images; the journeys made with the help of GPS; the run monitored by an app; the history of messages and phone calls; among many other aspects. When professional email or other applications used for professional interactions are available on the smartphone, work context data is also at risk if you are not careful. When you protect your smartphone, you protect access to all this information.


Did you know that?

The compromise of a smartphone through theft or simple loss can jeopardise a lot of information that needs to be protected, especially if no mechanism to block the device has been activated. In addition, a malicious programme installed on the smartphone that allows spying on the user's activity through the camera, for example, can have extremely privacy-invasive consequences. In addition, the smartphone is often used as a second authentication factor through an SMS, token or email. Therefore, compromising this device can help a malicious agent bypass the extra layer of security that multiple factor authentication allows.

Many of the frauds conducted through so-called "social engineering" are done using phone calls to capture personal data or lead people to make bank transfers. These phone calls are called vishing, a word that results from the contraction of the word "voice" with the word “phishing”. So it is phishing through voice instead of email. This technique is also widely used through SMS, the so-called smishing (contraction of "SMS" with “phishing”), where often a link is shared that can lead to fraudulent websites or the installation of malicious software.

It is also very important to keep your system and applications up to date. As with any computer, these updates allow you to fix security vulnerabilities that are discovered over time. Also as with a computer, access to public Wi-Fi should be done through a VPN, thus avoiding the security vulnerabilities found in a public network, which may allow an outsider with the appropriate knowledge to access it. Alternatively, in such cases, it is preferable to use the operator's data.

Considering that the smartphone is a device where new applications are easily installed, many of them "apparently" free, some care must be taken with the criteria that are used to make these installations and with the access authorisations to functionalities that are granted. Applications made available outside of recognised platforms for this purpose are less subject to verification and criticism. You are more likely to encounter a malicious application in this context, which may bring with it software which, for example, spies on users and violates their personal data (spyware). Moreover, even apps that do not install malicious software can be abusive towards users, unnecessarily accessing their camera, photos or contact list, with the possibility of this data being used for unauthorised commercial purposes. An app that you do not pay for with money is generally an app that pays for itself with user data.


Data

  •  In 2020, there are about 13.5 million mobile subscriptions in Portugal (Portada, 2021);
  •  Only 42% of individuals in Portugal in 2020 say they have ever refused or restricted access to personal data when using or installing an app on their smartphone - the EU average is 52% (Eurostat, 2020);
  •  Only 11% of individuals in Portugal in 2020 acknowledge having installed or subscribed to some security system on their smartphone - the same figure as the EU average (Eurostat, 2020);
  •  Phishing and smishing are the type of incidents most recorded by CERT.PT in 2020, accounting for around 43% of incidents during that year (CNCS, 2021).
Last updated on 08-09-2022