Risk Considerations
By installing social media apps on your mobile devices, you give these companies permission to access your phone’s data, including photos, videos, contact lists and location information. Sometimes you can explicitly deny these permissions, but in order to use these apps to their fullest, you may not be given that option.
Here are some risks that could impact you:
- Identity theft. Many people consider their personal social media presence to be private. However, attackers can use personal information shared on these apps to impersonate you and access confidential data, such as bank account information. This is a powerful tool for those looking to commit financial fraud.
- Privacy concerns. Depending on your privacy settings, personal information and communications posted on social media can be accessed by unintended readers or recipients.
- Data leakage. The apps you install may contain spyware, resulting in a leak of your important information, including credit card numbers, personal photos or stored passwords.
- Information sharing. Apps may collect your personal information in the background, such as where you shop, what you search or your travel patterns, and share it with marketing firms or other agencies without your knowledge.
How apps on devices impact the University
- Since most of these apps are not vetted by the University’s information security teams, they may contain vulnerabilities that could be exploited and result in security incidents.
- Due to the data collection and sharing policies of these apps, the University’s confidential information is at risk of exposure to unauthorized users, which may result in reputational and privacy impacts to you, your colleagues, your students and the broader University.
- These applications may be an entry point for social-engineering attacks such as phishing and ransomware, which may put the University, its community members and their data at risk.
Best Practices
- Enable a security PIN, inactivity auto-lock, and the built-in encryption
- Apply automatic updates for the operating system and apps
- Use the App Store & iTunes or Google Play for apps, games and media
- Some apps may be harmful, so use caution when installing. Don’t install apps that ask for permissions that don’t make sense for the app. Read an app's reviews before installing it. Delete apps that you’re not using.
- For the best experience, use major vendor apps, like the Firefox or Chrome browsers and the Microsoft Outlook email app
- Use the University’s GlobalProtect VPN, especially on public/free WiFi
- Enable find my phone, lock my phone, and remote wipe features
Up Your Mobile Device Security Even More
- Devices not receiving security updates should be replaced. Security updates typically occur every 3-6 months, and at least yearly. Since mobile device apps and user accounts are highly integrated, it is important that the entire device get regular security patches.
- Be on the lookout for mobile-specific threats like vishing (phishing voicemails) and smishing (phishing text messages). The people behind email phishing campaigns will also target your phone. Be wary and double-check the legitimacy of suspicious messages.
- Install anti-virus for mobiles, such as Sophos Intercept X for Mobile from Google Play. Just like computers, mobile devices can be infected with viruses, malware and dangerous apps.
- Disable Bluetooth, NFC (tap payments) and GPS location services if not being used. This will increase your security and privacy, and extend your battery life.
Mobile Device Security
Many smartphone applications, including social media platforms, gather and share users’ private and personal information. Because of this, many of these apps pose significant security risks. It is important to be aware of and consider these risks when downloading and using apps.
The guidelines below explain some of the risks, what to watch out for and how to reduce the risk to you and the University.