Have you given much thought to how secure your smartphone is? There are plenty of resources to help you with responding to a suspected compromised desktop PC or laptop. But what happens if you think your mobile has been breached? How would you know? What do you do?
In this blog, we’ll look at how you can minimise the impact of your personal mobile being compromised. Better still, we’ll cover ways to try and prevent it from happening in the first place. (For work devices, we recommend following your employer’s guidance.) We’ll follow NIST’s four-step approach to security: identify; protect; detect and respond; and recover.
What’s app? Check and protect what you value most
Identify the important apps or files on your mobile phone. (Do this before it’s been compromised.) What are the ‘crown jewels’ that, if you lost them, would cause major distress and impact you financially or personally? Write them down in a list. Once you’ve done so, think about the risk and impact to you if they were compromised. What would happen if you couldn’t access your emails, mobile phone wallet, or documents?
Your next steps are to mitigate the risks you’ve just noted. Think about making changes to how you use your mobile and its apps. This brings us to the next step, protect.
Keeping your phone’s software up to date reduces the risk of compromise.
- Enable automatic operating system (OS) updates so your phone always has the latest version
- Set the screen lock to a short period of time e.g., 3 minutes
- Disable notifications from appearing on your locked screen
- Only install apps from trusted sources like the Apple App Store or Google Play
- Install antivirus (AV), bought from a reputable provider (free AVs are available too)
- Use the VPN functionality of your AV app, or the one from your phone maker if it provides one
- Enable multi-factor authentication (MFA) when available for apps like email, banking, social media, etc
Other measures you can take to reduce the impact of an incident include backing up files or photos. There are cloud services that provide this service for a minimal monthly fee. They’re easy to set up and work seamlessly with little impact to your mobile phone’s performance. To save space in your cloud backups, print photos that give you joy and delete ones that don’t.
Connection trouble: review wireless networks your phone remembers
Review the history list of Wi-Fi access points that your phone has connected to in the past. Remove obsolete and public networks. Also disable the ‘connect to Wi-Fi automatically’ feature. This ensures you’ll always get a prompt if you want to connect to a new network.
Disable Bluetooth and near-field communication (NFC) when you’re not using them. Change the default PIN code used to connect to your mobile phone over Bluetooth.
Encrypt the data stored on your mobile phone. This feature is already enabled on iPhones and iPads running iOS 8 or later versions once the passcode or Touch ID is enabled. For Android, however, you may need to enable encryption manually.
Use your own cable for charging your mobile and don’t charge it in public places unless it’s an emergency, and you’re still in possession of – and have full line of sight to – your phone.
Be cautious when using QR codes. Ensure you check the URL presented by the QR scanner before you click it to browse or open the link.
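The Python function below is an added example, not part of the original blog, showing the kind of checks worth making on a URL decoded from a QR code before opening it. The specific warning signs and the short list of link-shortener hosts are assumptions chosen for illustration, and the sample URLs are constructed.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed, illustrative list of link-shortener hosts; extend it for your own use.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co"}

def qr_url_warnings(decoded: str) -> list[str]:
    """Return reasons to distrust a URL decoded from a QR code (empty = none found)."""
    try:
        parts = urlsplit(decoded.strip())
    except ValueError:
        return ["text is not a parsable URL"]
    warnings = []
    if parts.scheme.lower() != "https":
        warnings.append(f"scheme is '{parts.scheme or 'missing'}', not https")
    host = (parts.hostname or "").lower()
    if not host:
        warnings.append("no host name in the link")
        return warnings
    if parts.username is not None:
        # In https://bank.example@other.test/ the browser goes to other.test.
        warnings.append(f"text before '@' is not the site; real host is {host}")
    try:
        ipaddress.ip_address(host)
        warnings.append("host is a raw IP address, not a name")
    except ValueError:
        pass  # Not an IP literal, which is the normal case.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        warnings.append("host uses non-ASCII or punycode look-alike characters")
    if host in SHORTENERS:
        warnings.append("link shortener hides the final destination")
    return warnings

if __name__ == "__main__":
    # Constructed sample URLs using reserved example domains and addresses.
    for url in ("https://www.example.org/menu",
                "http://bank.example@203.0.113.7/login",
                "https://xn--pple-43d.example/",
                "https://bit.ly/abc"):
        print(url, "->", qr_url_warnings(url) or "no warnings")
```

An empty result only means none of these particular signs were present; you still need to confirm the host is the site you expected.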
Sign of a breach: how to tell if your mobile is no longer in your control
Detect and respond is step three. If you suspect something’s up with your mobile, here’s a list of the most common potential indicators of compromise (IOCs).
- If your battery keeps losing power and the phone feels hot to the touch, that could indicate malicious software running in the background
- Apps behaving strangely, such as opening or closing by themselves, camera recording, etc
- Contacts receiving unsolicited messages from your phone that raise concern
- Unusual mobile data usage (regularly check your mobile phone bill)
- Unexpected packages delivered that you didn’t buy (check your banking statements regularly)
- New apps appear on your phone screen that you didn’t install
If you’ve got AV installed already and it’s notified you about a potential issue, follow its instructions, such as quarantining and removing compromised files.
What to do if you suspect a hack
If you’re worried you may have lost control of your mobile, contact your network provider and ask them to block your SIM card and send you a new one.
Next, change your voicemail, recording a new message that gives callers an alternative number to reach you at. Most mobile networks let you do this from alternative phones just by dialling the number you want, and following some simple steps. Here’s more information about this from the two biggest networks in Ireland, Three and Vodafone.
One reason why your mobile might be acting unusually could be just a glitch in a recent OS update. Check your settings to see if a new update is available and whether it addresses a recent OS update issue.
Change your mobile phone password/PIN. Using your desktop PC or laptop, change all passwords for the apps you use from your mobile phone.
If you use online banking apps or websites, contact your bank immediately to inform them about the potential compromise so that they can check for suspicious behaviour.
Get well soon: how to recover a compromised mobile
Step four is recover. If you’ve confirmed your phone is already compromised, here’s what you should do. First, install AV and scan your mobile phone, ensuring you include files and photos in the scan. If the AV confirms the phone is now clean, back up photos to a trusted location. Then, wipe the phone’s memory with a complete factory reset. Re-install AV and set up cloud backups.
Install priority-one apps (the most important ones you identified at step one), followed by remaining apps. Remember to check that VPN is enabled and that MFA is also enabled for apps that support it. Follow the steps outlined in the ‘Protect’ section above to further enhance your device’s security.
Tune in to a future blog for advice on what to do if your mobile phone has been lost or stolen.
Alexis Robinson is cybersecurity project manager with BH Consulting.