We know that our data can be vulnerable wherever it’s stored, but the News of the World hacking scandal showed that mobile represents a particularly problematic environment. Investigators breaking into Milly Dowler’s phone shocked the nation, but also revealed once again how insecure our personal data can be. So what can we do about it?
There always seems to be some hack in the news these days – but it’s good to keep in mind that most modern mobiles are secure. Smartphones are essentially computers with the ability to use mobile networks, and like other computers the information they hold can be protected with encryption. The problem is that, by default, much of it isn’t. For example, it emerged in 2014 that the NSA and GCHQ could intercept data sent from apps such as Angry Birds, potentially revealing information about players’ age, sex and their device’s unique identifier. This doesn’t sound like a big deal – and for most people it’s not – but it shows how your personal information is at risk in a bewildering number of ways.
Realistically, there’s very little you can do to stop agencies such as the NSA or GCHQ surreptitiously accessing your information. Against less sophisticated hackers, however, it’s a different story. Here, encryption can work very well – the trick is making sure your apps, especially those you use to send secure communications, actually use it. This is especially important with services such as online banking or accountancy solutions such as Receipt Bank. The Receipt Bank app lets you photograph your receipts and then automatically uploads them to its servers and extracts the relevant data from them – a fantastic service that can save you lots of time, but which would also, without the use of encryption techniques, have the potential to let a hacker discover sensitive information about business costs. Fortunately, Receipt Bank uses industry-standard 256-bit SSL encryption to protect all communications, so your data is safe.
Encrypting the data you send is important, but it’s also important that you use a secure connection. When you’re on your phone, you’ll normally want to use free WiFi if you can – but free WiFi is notorious for being insecure and easy to hack, partially because anyone can access it. However, there are steps you can take. Most hackers are just looking for data they can harvest easily, so keep using encryption: HTTPS Everywhere is a browser extension which forces websites offering HTTPS connections (secure, encrypted connections) to connect securely with you, even though they might otherwise default to a less secure means of communication. That way, any data intercepted by a malign agent will be unreadable by them. This can’t help you if a site isn’t set up to support HTTPS though. In these cases, using a Virtual Private Network (VPN) can help – good, free options for mobile include CyberGhost and TunnelBear. Is it awkward? A bit. But it’s worth it to protect your sensitive data. The good news, though, is that since apps such as Receipt Bank use end-to-end encryption anyway, your data will be safe regardless of your connection. These techniques are still useful, however, to protect other data you send which may not be encrypted.
An alternative is to use mobile data (3G/4G), but there are problems here as well. Mobile data encryption standards aren’t totally secure, and hackers could access your information by routing your requests through a fake mobile mast – although in practice this is unlikely. But just because something is unlikely doesn’t mean it won’t happen. It’s always best to be prepared. Again, data from apps such as Receipt Bank would be safe since the data is encrypted, but other data such as telephone calls and text messages could be accessible.
When considering investing in security – whether that’s anything from subscribing to a VPN client to upgrading your business’s security systems such as firewalls – the question is always “Is this necessary? Who would target me?” As we’ll see in the next post, small businesses are in fact becoming a major target for hackers. Security is essential. It’s good to know, though, that all the tools Aiteo uses are secure – you can trust us with your data.
.