This entry is part of the series Ten things you can do to improve IT security and reliability without spending money

How many of you use the passcode or password feature on your mobile phone?

Let’s imagine for a moment what information would be available if someone found (or stole) your mobile phone.

First, they’d probably find the phone numbers and maybe addresses of your closest family members, your children, perhaps elderly parents.  It would likely be easy for them to figure out who is who, since most of us enter “mom” as the phonebook entry.  Or if you’re married a long time like me, you have “mom1” and “mom2”.  My soon to be son-in-law has “girlfriend mom” as the entry in his phone.  You may have pictures of all these people also.
If you use the notes or memo feature on your phone, whatever tidbits of personal information (maybe account numbers, passwords, etc.) would be ripe for picking.

And to top things off, if you receive email, particularly email business email, on your phone, you will have potentially exposed private and confidential information.

Considering the negative impact the exposure of all of this could have, I suggest to you that a momentary pause to enter a password before using your mobile phone is well worth it—at no cost and 2 seconds extra effort.  By the way, on most phones that I know of, you don’t need to enter the password when answering an incoming a voice call.

More and more we use our mobile phones for everything, including applications where we expect the highest level of security, such as online banking. Many banks provide apps for the Google Android phones and Apple iPhones that let you check your account balances, transfer funds, and pay bills. These are incredibly convenient, allowing you to check your balances before making a purchase, move funds to avoid overdrafts, and pay bills whenever you remember, not just when you are in front of a computer. But what are the risks of having these apps on a device that could easily be stolen or lost?

The first line of defense is the security of the mobile device itself. Your phone should be password locked requiring you to enter a password in order to access any of the phone features. Apple also provides a powerful option, allowing you to remotely transmit a command to erase the contents of your phone in the event that it is lost or stolen. But what is at risk if someone gets access to your mobile banking apps? If you store your username and password in the app, the person with your phone may be able to do everything you can do with your accounts. Most banking apps require that a password be re-entered before proceeding with operations that move money, greatly reducing your risk as long as you have maintained good password practices (see The Care and Feeding of Passwords). So a great deal of security is obtained by password protecting your phone, never saving your banking username and password on the phone, and choosing passwords that are easy for you to remember without being easy for others to crack.

Banks design their software to reduce the risk of fraud, but thieves and hackers are working just as hard to break the applications. Make sure that you keep your antivirus service up to date on your phone and keep your bank's software up to date also. Your bank will make updates available in order to keep you more secure (as well as upgrade service). Finally, it is a good idea to keep your bank emergency contact information with you separate from your phone so that if you your phone is lost or stolen, you can notify the bank and/or log in via computer to change your password.

By taking a just a few simple precautions, you can safely take advantage of the power and convenience of mobile banking.