How to secure your phone to keep financial data safe

Many Canadians carry their lives on their smartphones: phone numbers, emails, social networks, business information and, in recent years, financial details. Your phone is a treasure trove of personal information that, in the wrong hands, could leave you vulnerable to account fraud and identity theft.

"As a consumer, you would probably be pissed off if your bank manager had all of your personal information on an unprotected unsecured mobile phone," says Robert Siciliano, CEO of IDTheftSecurity.com, who speaks on identity theft and security issues in the U.S. and Canada. "So what makes it OK that as a consumer you don't properly protect your device?"

Of course, no one expects to lose a phone. But too often, smart devices are left on restaurant tables or buses, or they're stolen while you're at the gym. Here are five ways to ensure your information is safe, even if your phone ends up in a crook's pocket.

1. Always use a secure wireless connection (Wi-Fi).
"Unsecured Wi-Fi is the path of least resistance for anyone trying to hack your phone," says Siciliano. "Installing what's called a VPN, or a virtual private network, is fundamental to protecting your devices on unsecured Wi-Fi."

Though VPNs do not make connecting to the internet entirely anonymous, they do require password authentication, which prevents unauthorized access to the network and, by extension, your phone.

"Never access your mobile wallet or perform mobile transactions over public Wi-Fi unless you're using a VPN from your phone," says Bryan Zarnett, managing director of security at Cytelligence, a boutique cyber security firm in Toronto.

2. Lock your phone with a password.
Another way to prevent unauthorized access is with a password on the device itself, especially when it comes to mobile banking.

Password protection may seem obvious, but data analysis firm International Data Corp. reports that only 58 per cent of Canadians actually lock their phones with a PIN, pattern password or fingerprint reader. Of those who do protect their data, only 21 per cent have a unique password for all their accounts, a number that drops to 11 per cent of users ages 18 to 29.

"A lot of people don't have Touch ID, passcode or screen lock enabled," says Olabode Anise, research and development intern at Duo Security, a digital security firm specializing in two-factor authentication.

"When it comes to mobile banking, it is important to make strong passwords and to not reuse them," he says. "You want to make it as difficult as possible for someone to access sensitive information even if the device is stolen."

To easily secure your device, try using a password manager such as LastPass, which provides automated encrypted passwords that come from one master password, so users can get unique and secure passwords for all of their accounts without having to remember them all.

3. Only download apps from trusted providers.
There are tons of apps in the App Store or on Google Play, and hundreds promise to help you organize your finances or track your spending. But you should only download apps from providers you trust.

"If you are using some sort of financial wallet, then you have, to a certain extent, to trust the provider," Zarnett says. "If you don't trust the provider, then don't install the application. Apple Pay and PayPal are good examples of globally trusted providers, so financial transactions are pretty safe. You can't say that about all of them."

Before you download an app, Zarnett says to ask yourself, "Do I trust the organization that created the application?" If you don't, don't install the app.

It's also important to make sure you keep the apps you do trust, as well as your operating system, updated to the latest version.

"While these updates may deliver some type of new functionality, they usually provide a patch for a security vulnerability," Anise says. "By not applying updates, a user will be susceptible to attacks via known vulnerabilities."

4. Don't leave your phone lying around.
It may sound obvious, but one of the most common mistakes people make can't be fixed by technology -- it's directly attributed to human error. Zarnett says a surprising number of people leave their phones unattended in public, making them vulnerable to thieves or hackers seeking to plant spyware or malware.

"In an uncontrolled public environment, such as a busy coffee shop or the airport, I am always amazed at all the phones lying around," he says. "Some are password-locked and others are not. These days, phones look the same, so to switch one out is fairly simple."

5. Employ data encryption.
You can also proactively protect your data even if your phone is stolen or otherwise compromised. You just need to enable encryption in the security menu. With encryption enabled, all data will be scrambled for anyone who does not have the PIN, password or pattern code.

You can also install a recovery app to track and wipe data from your phone if it is stolen.

With the security of your devices, it's up to you to be proactive. All of these security suggestions work only if you employ them on an ongoing basis.

"I would hope that people realize that their vigilance is crucial," Anise says. "While there are great security technologies enabled by default on many mobile devices, they are just another level of defence that work best when users are taking the right steps to secure their phones."

Updated November 15, 2016