Why device security matters even more now

Modern technology allows a mobile device to be your bank account, wallet and payment card all in one. Your smartphone, tablet, laptop or wearable gadget (like a smart watch) makes banking truly mobile. While this is brilliantly simple and convenient, it also means you need to be more vigilant in safeguarding your devices from cybercriminals.

Banks and digital developers do their utmost to make online services and banking apps secure from thieves and fraudsters, and you should use all the tools at your disposal to keep your digital security intact. That includes using strong passwords and changing them frequently, opting for multi-factor identification, installing anti-virus and anti-malware software, and staying up to date on the latest scams and frauds so you don’t fall prey to social engineering. Even if someone steals your phone, they shouldn’t be able to unlock your banking apps without your passwords or biometric identification. But effective digital hygiene means ensuring the physical security of your devices too.

Because your devices now work effectively as a mobile bank, they not only have the ability to make payments from your accounts ─ they also contain your full banking profile, including information on your bank balance, car or home loan and much more. Anyone who gains access to your devices may gain access to all that, and the results could be disastrous.

Digital, physical and behavioural security are all essential

Cybercrime is prevalent worldwide, and South Africa is not immune. Last year alone, banking app losses increased by more than 88% and online banking losses increased by more than 44%. Every second, 9 malware attacks occur in South Africa, according to Nedbank digital domain architect Adele Jones, who specialises in studying and countering cyberthreats.

If anyone hacks into your device, they can access your accounts and payment channels, while also stealing valuable information

Device security matters now more than ever. Cybercrime threats include theft of funds by hacking bank accounts, payment cards or mobile wallets, cyber extortion using ransomware, identity theft, privacy or data breaches, and even cyberbullying. Then there are network security breaches that target company client databases, social media and online service sites, and even the Internet of Things, like smart TVs, fridges and cars. These breaches are usually the result of a cyber interaction with malware somewhere in that network, but once cybercriminals gain access, they can cause harm to third-party systems and data.

Adele suggests that you approach device security from 3 angles:

1. Digital security – locking up your software

If anyone hacks into your device, they can access your accounts and payment channels, while also stealing valuable information. One of the most common scams to hack devices is phishing: hackers will send you an ‘innocent’ call, message or email claiming to be from your bank or some other legitimate business that you deal with, asking you to confirm certain details. Once you divulge your personal information, the damage is done.

Hackers may also use malicious software – malware – to steal data and damage or destroy computers and computer systems. In this case, you don’t even need to reply to the message. If you open the attached ‘document’ or ‘video’, you could be installing the malware on your device, feeding all your information to the hacker. Unprotected payment solutions for online transactions are another favourite hacking target – which means you can be exposed to the cyberthreat even if you keep your own devices perfectly protected.

So, it’s important to use trusted, encrypted apps and payment solutions. Don’t reply directly to any calls or messages asking you for personal information. Instead, contact the bank or business that the communication claims to be from, and find out if they are legitimately making contact. Invest in anti-malware software on all your devices. You could also encrypt the information on your devices, and use a biometric or two-factor ID.

If your device uses near-field technology that doesn’t require a PIN to process a payment, you might even go to the extreme of wrapping it in foil when it’s not in use, in your bag or pocket. That way, nobody can casually brush past you and extract payments from your account, without you even being aware that a transaction took place.

2. Physical security – locking up your hardware

Denying criminals access to your physical devices is as important as denying them access to the contents. Never leave your mobile device unattended – even if you plan to be away for less than a minute, that’s still plenty of time for an opportunistic thief to run off with it. Never leave it exposed on the table at a café or restaurant – cellphone snatching is rife. A device lying on the passenger seat of your car, or visible in an open seat well, is also an easy smash-and-grab target.

If you’ve become a victim of cybercrime, immediately block or disconnect your entire banking profile from the device

When in public, keep your phone in a secure compartment of your bag – one fitted with a locking bar or a combination lock on the zip. You can even get smartphone cases that double as stun guns, delivering an electric shock to would-be thieves. You may not want to go to those extremes, but make it as hard as possible for opportunistic criminals to make off with your devices.

3. Behavioural security – making sure you aren’t the weak link

Adopt behaviours that help keep your devices secure. Try these tips:

  • Set the screen timeout to a short period of time. A lengthy timeout (or no timeout at all) allows others to use the device in your absence, so it’s a risk if the device is lost or stolen. A short screen timeout also stops children playing with your device when you’re not around, which could result in lost data and other disasters.

  • Use passwords to unlock your device or any important documents. Passwords, passcodes and PINs are generally simple and effective. For PINs, use a code that is four digits or longer and avoid repeating digits. Some devices allow users to set unlock patterns that function like a PIN. If you choose to use a pattern, make sure no one can see your screen when you enter it. Remember, smudges on the face of your device may reveal your pattern to unauthorised users, so clean the touchscreen often.

  • Never use the ‘auto-fill’ feature for passwords. It may save you time, but it will nullify any password protection, if an unauthorised user should pick up your device.

  • Delete any documents or apps you no longer need.

  • Back up important files – that applies to files on all your computers, not just mobile devices. However, mobile devices have a higher risk of loss or damage than desktop or laptop computers, because of their size.

  • Be aware of your surroundings. When using your mobile device in a public area, pay attention to people around you. Take precautions to shield yourself from ‘shoulder surfers’ — make sure no one can see you type your passwords or see any sensitive information on your screen. Ideally, don’t even use your device in public – avoid texting as you walk through a mall. Rather, keep your device in your pocket or bag and use it only when absolutely necessary.

  • For super-safe online banking, you might consider using a separate device purely for financial transactions. So, keep your contact lists and social media apps on another device, with nothing but secure banking and payment apps on your ‘financial’ phone.

  • Don’t leave your phone or smart watch under a towel on the beach while you go for a swim, if you don’t have someone to keep an eye on them. Rather store your devices in lockers or locked in the cubbyhole of your car. 

What to do in case of a security breach

If someone steals money from your account because they gained access to your phone, or they gained access to your accounts through information you revealed to them, your bank is not liable for any losses. That’s why it’s so important to safeguard your devices.

If you’ve become a victim of cybercrime, you should immediately block or disconnect your entire banking profile from the device. Don’t just block your banking cards; you need to sever all connection between that phone and your accounts.

It’s better to be safe than sorry. To stay vigilant against digital thieves, you need to treat the devices you carry around as if they were large bundles of cash. In many ways, that’s what they are...