If your mobile device contains any personal or private data, then it's crucial you protect it. In many cases, mobile devices contain sensitive information that, if breached, can cause significant problems for the users.
For example, more people are storing copies of their driver’s license, employer data, insurance details, social security card, bank account information and passwords on their mobile device. Even personal pictures can be a major security concern. When applying for loans, instead of faxing, many people take pictures of important financial documents and email them to the requestor but do not delete the pictures from their phone.
One very critical step you can take to secure this is to encrypt your mobile data.
Concerns about lock screen PIN numbers
Many mobile phone users believe just locking their phone screen is enough to secure it. That is simply not true. When it comes to mobile phones, the four-digit PIN is most widely used for securing it. Four-digit pin codes are very weak because there are only 10,000 unique PINs available. Within a few days, someone could locate the correct PIN through a brute force type of password attack. This type of attack software is very easy to obtain for free and does not require an expensive or powerful computer for it to be effective.
A random six-digit PIN will offer more increased security because there are a million possible combinations, but with a weak PIN and some time, it is possible for a hacker to bypass it. There are many tools that are designed to try every PIN combination without triggering other security mechanisms.
Another major concern with just relying on lock screen PINs to secure your phone is that your device may contain bugs in its software that can allow attackers to bypass them. All someone has to do is perform a quick search for “bypass phone lockscreen” on their search engine, and it will yield a lot of results. These lock screen bypasses can be an issue for older mobile devices that don’t receive active security updates.
Benefits of encryption
Encryption does a lot more than just prevent a person from accessing information on your cell phone, as the lock screen does. For example, think of a lock screen as a lock on the front door of your home. A lock on your door prevents an uninvited guest from coming into your home to steal your personal belongings, but you have to think about what you would do if they break the locks and enter your home. You have to have multiple layers of defense to truly protect your data. In the security community, this is called “defense in depth,” and that is what encryption offers.
Encrypting the data takes security to a much further step. It makes the information on your phone unreadable. Even if a hacker were able to break through your locked phone screen, they still would not be able to view your data. For example, if a thief breaks in through the lock on the door of your home, encryption would be as if everything in your home appears to be in an unbreakable safe.
A strong encryption algorithm to use is Advanced Encryption Standard (AES). It is probably the most widely used algorithm for encrypting mobile data. It is a symmetric encryption algorithm that has been a U.S. government standard since 2001. It is widely regarded as one of the few unbreakable encryption algorithms.
There are many options for encrypting your data while using your mobile device. There are applications that can enable you to encrypt your outgoing calls, there are text encryption applications and applications that allow you to send and receive email encrypted using the OpenPGP standard. Apple even has preinstalled tools that allow you to remotely wipe the data on your iPhone and ensure no one can steal your information if it is lost or stolen. My concern with this is that if your phone is recovered, you will lose all of your data. It is important to be familiar with these various options to make sure you apply a form of security that protects your critical information.
One concern many people have with encrypting their mobile device data is that at times it can take longer for them to log into it because data decryption takes place each time. On certain phones, once you decide to encrypt your device, there is no way to change your mind other than factory resetting your phone, and it can be a cumbersome process to go through. In this generation where people tend to want to immediately operate their electronic devices, encryption can be considered a nuisance.
Hardware- or software-based encryption?
If you decide to encrypt your data, you will have to choose between software- or hardware-based encryption. Most of the major mobile device manufacturers offer some form of hardware encryption. Software solutions consume more system resources, which includes CPU and memory. This can lead to a more diminished performance. Hardware-level encryption has less of an impact on the performance and is usually the preferred method.
For many people, encryption may seem excessive, but it is important not to forget that our mobile devices usually carry some of our most critical personal data, which can include financial records, insurance and medical data. It is important to think about what would happen if this information were to get into the wrong hands. A strong password and proven encryption algorithm are a great combination that will ensure that the valuable data on your mobile device is properly secured against unwanted access.