Week 30: Secure your smartphone: keep your data safe from sticky fingers

30.07.2024 - Mobile phones have become an indispensable companion, even on holiday. Whether you're trying to find directions, buy tickets or look up information: you can do it all on your smartphone. The camera also allows us to take photos and create memories wherever we go. But along with holiday snaps, these compact devices also store personal information such as contacts, emails and login details. If your smartphone is lost or stolen, the consequences can quickly become very serious. That's why it's important to have the best possible security measures on your phone so as to protect your data from fraud if it's stolen.

We recently received a report from someone who was pickpocketed during an evening stroll in a Spanish city. He only noticed his phone was gone when he went to take a photo and then immediately reported it to the police. On their advice, the victim immediately changed his login details for all online accounts linked to his phone. This meant the thieves could not access the phone because it was properly locked and all security settings were set correctly.

The victim had also backed up his data regularly, so he still had access to it. What's more, he had set up a tracking app on the phone so he could follow its movements. This revealed that the phone travelled from Spain to China, where attempts were made to unlock and reset it. However, when the fraudsters could not crack it, they began to threaten the victim, demanding that he unlock the phone or face serious consequences. Alarmed by these threats, the victim contacted the NCSC. As he had taken all the right steps in terms of cybersecurity, the NCSC referred him to Apple Support. Unfortunately, we have no information on how the story ended, but this incident is a reminder of how important it is to make sure your device is properly secured.

Always lock your mobile devices:

If you lose your device, it's important that unauthorised persons cannot access its contents. Losing information such as work and personal emails, photos or phone numbers could harm you and others if it fell into the wrong hands.

Depending on the make and model of your device, the following methods may be available to you:

  • Fingerprint recognition
  • Face recognition
  • Iris recognition
  • Password or PIN code

Make sure you turn on these authentication methods. Set your device to lock after the shortest possible period of inactivity (30 seconds). Choose a sufficiently long and random PIN code. Avoid simple sequences such as 123456 or 234567, and don't use codes with personal significance (date of birth, postcode, car registration number, etc.).

Back up your data regularly:

If your device is lost, stolen or damaged in an accident, your data could be irretrievably lost. It's a good idea to regularly back up the data on your mobile devices. You can do this using a cloud service or by syncing your devices with your PC or backing up your data to an external storage device.

Turn on location services and remote wipe:

Because they're so small, smartphones are often accidentally left behind in our busy lives. You can locate your mobile devices and even remotely wipe the data on them by taking the following steps:

  • For Android, the service is called Find My Device and can be downloaded directly from the Google Play Store. For information on how to turn on and use this service, see Google Account Help.
  • For Apple, this feature is called Find My (formerly Find My iPhone on older devices). It is pre-installed on every Apple device but needs to be manually turned on. For information on how to turn on and use this service, see the iCloud User Guide.
  • For Samsung, this feature is called Find My Mobile. It is standard on all Samsung devices but also has to be manually turned on. For information on how to turn on and use this service, see Find My Mobile.

For the device to be tracked, it usually needs to be switched on, connected to the internet via Wi-Fi or mobile data and have location services enabled. It can then transmit its exact location and receive commands, e.g. to wipe all data or ring loudly.

Some models can also be configured to automatically wipe data after a certain number of incorrect password attempts.

Last modification 30.07.2024

Top of page

https://www.ncsc.admin.ch/content/ncsc/en/home/aktuell/im-fokus/2024/wochenrueckblick_30.html