Although some people might worry about the National Security Agency itself spying on their phones, the NSA has some sage advice for iPhone and Android users concerned about zero-click exploits and the like: turn it off and on again once per week.
How often do you turn off your iPhone or Android device? Completely turn it off and then reboot it, rather than just going into standby mode, that is. I suspect that the answer for many people is only when a security or operating system update requires it. That, according to the NSA, could be a big mistake.
In a document detailing several mobile device best practices, the NSA recommends users turn their devices off and then back on once every week to protect against zero-click exploits, which attackers often use to eavesdrop on and collect data from phones. Users can mitigate the threat of spear-phishing, which can lead to the installation of yet more malware and spyware, by the same simple action. However, the NSA document does warn that the turn-it-off-and-on-again advice will only sometimes prevent these attacks from being successful.
“Threats to mobile devices are more prevalent and increasing in scope and complexity,” the NSA said while warning that some smartphone features “provide convenience and capability but sacrifice security.” As such, doing something is always better than doing nothing when it comes to being proactive about your device and data security.
The advice given is not some silver bullet that will solve all your security ills, it must be noted. Indeed, the NSA document includes a chart that shows how effective each tactic is against different threats. While good general advice, turning it off and on again will not help you against many of the more advanced malware and spyware threats that are programmed to reload on reboot.
The NSA also advises phone users to disable Bluetooth when not using it, update the device as soon as possible when operating system and application updates become available, and disable location services when not needed.
The small matter of security over convenience comes into play for much of the advice given, as you can tell already. Throw in not using public Wi-Fi networks and not using public charging stations, despite plenty of security experts considering the risk to be low in most real-world use cases, and many smartphone users are likely to roll the dice.
When it comes to public Wi-Fi, there’s a difference between the risks that can be present and an individual actually being at risk. While it is possible for a determined criminal to use unsecured networks for nefarious purposes, this usually involves tricking an unsuspecting user into connecting to their Wi-Fi hotspot rather than one being provided by the railway company, airport, or coffee shop. A recently disclosed vulnerability that can lead to something called an SSID Confusion Attack is a good example of how this can work. Without going into the technical details (read the article for that), it can disable your VPN in certain circumstances and make it appear that you have connected to a secure network when you haven’t. But, again, most unsecured public Wi-Fi networks are safe to use for general activity.
The U.K. National Cyber Security Centre suggests that users instead connect by way of their mobile 4G or 5G network as these “will have built-in security,” and you can also use the tethering feature of most such devices to connect your laptop to your smartphone’s network. This makes sense when performing sensitive activities such as online banking, for example.
The Federal Communications Commission, an independent agency of the U.S. government, also offers some pertinent security advice for smartphone users.
Although there is a lot of overlap in the advice offered by differing government and law enforcement agencies, some of the FCC advice is worth mentioning here. Not modifying the security settings of your smartphone, for example. “Tampering with your phone’s factory settings, jailbreaking, or rooting your phone undermines the built-in security features offered by your wireless service and smartphone,” the FCC advises, “while making it more susceptible to an attack.” The mantra of not disabling security settings for the sake of convenience is one I agree with, but I acknowledge this is likely to go ignored by the general user, for whom convenience is everything until a security incident impacts them personally.
The FCC also warns that understanding app permissions is important, as a malicious app developer can use these to bypass certain security functionality. Luckily, modern mobile operating systems have made such permission granting more transparent than ever, but it still pays to be alert to the danger. “You should be cautious about granting applications access to personal information on your phone or otherwise letting the application have access to perform functions on your phone,” the FCC said.