By Rosalyn Page
Mobile devices have become an indispensable tool for accounting and finance professionals, but with growing security threats, it has never been more important to secure your phone from attacks.
When it comes to cyber security, mobile devices can be overlooked by organisations, but they’re a significant risk to security and privacy, according to Damien Cantelo, CEO of cyber security company Apollo Secure.
Cantelo says for accounting practices holding sensitive financial information, customer data is critically important and mobile devices can easily lead to a wider data breach if not properly protected.
“Accountants have a responsibility to protect their customers’ sensitive information and need to make sure mobile devices don’t lead to that information being leaked,” he says.
To reduce the risk of an incident, follow these 11 steps to protect your phone and ensure your information is secure.
1. Protect customer data
It might be convenient when working on the go, but it is better not to download customer records or other data from accounting or customer relationship management [CRM] programs on to the phone.
“It is much safer to keep the data in its source location, so the information is protected by the organisation’s security controls,” Cantelo says.
2. Use a password manager
A password manager can store passwords and other sensitive information securely and can be accessed through an app on the phone for ease of use.
“This is the best way to ensure you’re using complex, unique passwords without trying to remember them all,” he says.
3. Secure your device with biometrics
Enable biometrics, such as fingerprint or facial recognition, to protect the device in case it falls into the wrong hands. The screen lock and inactivity auto-lock will also prevent unauthorised access.
4. Apply updates automatically
Enable automatic updates to ensure critical patches are always applied immediately. Ensuring the operating system and apps are updated regularly will help protect against the latest security threats.
5. Be wary of unofficial apps
Only download apps from official app stores and review permissions to prevent unnecessary access to your personal information.
If an app requests permissions that seem excessive for its functionality, reconsider installing it. If in doubt, don’t.
6. Beware free, public wi-fi
Public wi-fi networks are often insecure and can be exploited by hackers to intercept data, posing significant security risks to your device.
“If you need to use public wi-fi frequently, consider using a virtual private network (VPN) app on the phone.”
7. Don’t store contacts on the SIM card
Store contacts on the phone itself rather than the SIM card, so that, if the phone is lost, the data can be wiped and won’t fall into the wrong hands. It also protects against the risk of SIM swap scams.
“It’s important to keep your contacts stored in the cloud, so you can quickly recover [them] if you lose your device,” Cantelo says.
8. Back up
Regularly back up the phone using a cloud service or external hard drive to ensure there is a copy of everything in case it is lost, stolen or breached.
9. Be careful with what you click on
Check links before you open them, whether they arrive by email, text message, QR code or online. Avoid clicking on suspicious links or providing personal details through email or text messages. Verifying the source of messages and using spam filters can help reduce the risk.
10. Use an authenticator app
If it is an option, use an authenticator app for accounts that require multi-factor authentication (MFA) such as a code or PIN. “This is a more secure option to receive authentication codes because SMS is more vulnerable to SIM swapping,” Cantelo says.
11. Turn on the “Find My” setting
Turn on the “find my phone” settings on your phone, so that if it is lost or misplaced, you can try to locate it. It can also allow you to remotely wipe data from lost or stolen devices.
Cyberattacks glossary
| Term | Definition |
| --- | --- |
| Malvertising | Malicious advertising that appears on legitimate websites and redirects to harmful websites or downloads malware onto the device without the user’s permission. The user doesn’t need to intentionally download or install any files; simply viewing or clicking the ad can lead to infection. |
| Malware | Malicious software that can infect networks, computers and mobile devices with viruses, worms, trojans, ransomware and spyware to steal data, encrypt information and hijack devices. |
| Phishing | A form of social engineering attack where cyber criminals use fake messages such as emails, SMS messages, links or fake websites to trick people into revealing sensitive information such as usernames, passwords or credit card details. |
| QR code exploits | Malicious QR codes that direct users to phishing sites or trigger the download of malware when scanned by a mobile device. |
| Ransomware | Malicious software that locks or encrypts files, where attackers demand a ransom payment to restore access or stop data from being released. |
| SIM swapping | Where the attacker persuades a mobile carrier to transfer the victim's phone number to a new SIM card, giving the attacker control over the victim's calls and messages. |
| Spyware | Malicious software that can secretly monitor and collect information from a user's device without their knowledge. |
| Trojans | Malicious programs that pose as legitimate software to trick users into installing them, allowing unauthorised access to their systems. |
| Worms | Malware that replicates and spreads across networks without user activation, often causing widespread damage and disruption. |