Be Aware, Stay Vigilant, Act Responsibly!
Now is a critical time. In the current heightened security scenario, adversaries will attempt offensive engagement on all possible fronts, including the digital front. Smartphone users, ordinary citizens, are prime targets for cybersecurity threats like identity theft, financial fraud, stealth surveillance, spreading misinformation, etc. Vulnerabilities in the smartphone can be exploited for wider cybercrime and there is even potential for an adversary to try to impact critical infrastructure.
Here are some easy-to-follow practices that help mobile users safeguard their digital lives, both as individuals and as citizens.
Your first line of cyber defense:
Don’t believe or spread fake news/documents doing the rounds on social networking apps like WhatsApp, Facebook, X or any other app.
So in the current scenario, be extremely cautious of the following:
- Documents, weblinks or apps shared in the names of the latest trending topics like Operation Sindoor, Pahalgam, Mock Drill, Blackout, etc.
- Avoid forwarding unverified information/news. Believe nothing, Google everything for cross-verification.
Do not install apps from third-party sources or shared links:
- Do not open or forward links/attachments in messages (via SMS, WhatsApp or any social media apps) and emails from unknown senders. These could be phishing attempts to steal your passwords or trick you into installing harmful or fake apps that can steal your personal information. Our threat intelligence in the recent past indicates:
- Fake Android apps such as “Vahan”, “PratanMantriYojana”, and “IndiaPost” have been used to steal users’ sensitive data like contacts, location, and even what you copy and paste, in one of the attacks perpetrated by APT36, a known cyber adversary group.
- Never open unknown email attachments and links. Even emails from people you know could have been compromised. If something seems suspicious, even from a familiar contact, verify it through an alternative mode of communication. Don’t let urgency trick you into clicking on something risky.
- If you receive any suspicious emails or SMS messages related to bank account access issues, password changes, or anything that seems out of the ordinary, report these to the appropriate service provider or the bank. Do not try to change/share any credentials without verification.
- Download apps, especially those related to financial/government services, from the official Google Play Store (for Android) or the Apple App Store (for iPhones) where security checks are in place to filter out malicious apps.
Secure personal details:
Be cautious about sharing personal information, especially financial details like your UPI ID or banking credentials, credit/debit card details, Aadhaar number, etc., through messages or unverified apps.
- Use strong and different passwords for the different accounts on your device, so that a single compromised password does not put all your accounts at risk. A strong password is at least 10 characters long and typically includes at least one of the following:
- Numbers
- Capital letters
- Lowercase letters
- Special characters
- Enable Multi-Factor Authentication (MFA), also known as two-factor authentication, wherever possible.
- Use end-to-end encrypted messaging apps when discussing sensitive information. This ensures that only you and the recipient can read your messages.
- Avoid storing sensitive information like financial details or credentials directly on your phone’s storage. Consider using secure password managers or other encrypted storage solutions.
Strengthen Your Defenses:
- Understand and Control App Permissions: When installing an app, be vigilant and grant only the permissions the app requires to function, and only while the app is actively in use.
- Enable GPS or location permissions only when you absolutely need them for an app to function. Your location data can be used to track your movements. Turn it off when not in use.
- Uninstall apps you no longer use; fewer apps mean fewer potential security holes.
- Carefully read the user reviews before downloading any app.
- Be aware of what information the app collects from the user’s device.
Stay Vigilant:
- Public Wi-Fi networks are often not secure and can allow attackers to eavesdrop on your data. Avoid using them for sensitive transactions.
- Protect your mobile’s personal hotspot/Wi-Fi with a strong password.
- Turn off features like Wi-Fi, Bluetooth, Location, and USB Debugging when you don’t need them. This prevents data from being siphoned away without your knowledge.
Update for better security:
- Regularly update your phone’s operating system and all your apps. These updates often include the latest security patches that protect you from the latest/critical threats.
- Protect your device and data with a reputable cyber security product like K7 Mobile Security and install updates regularly.
To ensure organizational safety:
IT Admins should configure Mobile Device Management (MDM) with tight controls that restrict each user’s access to the organization’s confidential data according to the employee’s job functions.
Remote Wipe and Lock: Your Last Line of Defense
Remote Wipe and Lock are the digital emergency buttons. If your device is lost or stolen, you can use these features to protect your data. This quickly minimizes the risk of your data being misused.
- If your device is stolen, wipe its data remotely using the “Remote Wipe” feature of the installed security software.
Stay Vigilant and Stay Safe!