February 3, 2013— -- If you think of your smartphone as just a phone, rather than a very powerful mini-computer that happens to make phone calls, you may be cruising for a world of pain.
That's because the amount of sensitive data many of us store on our phones is truly staggering. A smartphone provides us direct access to our savings and checking accounts. It may store our passwords to Facebook, Twitter, Pinterest, even our email accounts. The phone numbers and email addresses of all our friends and colleagues are easy to find in our contacts directory.
What chaos could ensue if a thief happens to get his hands on all that data? And it probably isn't especially hard to steal. Any security system is only as good as its weakest link, and humans are the weakest link of all. Despite our best intentions, how many of us have left our phones -- or come dangerously close to leaving them -- in the backseat of a taxi, sitting on top of the toilet paper dispenser at our favorite restaurant, in the seatpocket of an airliner, on the bar of a tavern, by the hotel pool, or on a conference table after a meeting?
Equally unpleasant, your phone could be hacked or compromised by a virus while you are doing online banking -- or browsing the Internet at your favorite Starbucks, at the airport, in a hotel lobby, or sitting at a table waiting for your date to arrive.
If you've taken the right steps to protect yourself, losing your phone will be just an annoyance. But if you've failed to safeguard your phone with a password, backing up all your data and installing a program that can wipe the phone's data remotely, you are setting yourself up for a seriously traumatic event.
To help you prepare your defenses, here are the 10 dumbest things that people do (or fail to do) with their smartphones.
1) No password protection.
If you could "lock" your wallet, wouldn't you? Well, why don't more folks lock their iPhone or Android phone? While it is nowhere CLOSE to being foolproof, a phone password works like the theory of the burglar and the dog: If you take that extra step to protect yourself, most bad guys will simply move on to the next (easier) target. It's a lot easier for a thief to steal a smartphone with no password than it is to work on cracking your phone.
2) Shopping online with an Internet browser instead of a shopping app.
If you have the choice between shopping at Amazon.com using your phone's browser versus Amazon's app, use the app! Ditto for eBay, Overstock, and any big retailer that gives you the option of using their app. Unlike browsers, dedicated shopping apps are designed to ward off phishing and other kinds of scams. (Before you download it, just make sure it's really their official app!)
3) Remaining logged into banking, PayPal, eBay, and other sensitive apps.
Would you keep your Macy's credit card, Wells Fargo debit card or AmEx on top of your desk at work? How about the front seat of your car? I think not. Then why would you keep your phone permanently logged into those same accounts? When you finish banking or shopping, make sure to log out. And NEVER click the box asking the app to save your user ID or password. Yes, it's a pain in the butt to log in every time. We all tend to value convenience over security. But if a thief gets a hold of a phone that is already logged into sensitive accounts -- especially if that phone has no password -- it could spell financial disaster. And remember, turning off your devices every now and then can be a good idea.
4) Automatically connecting to any available WiFi connections.
Whether you are using your laptop, tablet or smartphone, switch off the feature that connects to nearby WiFi networks automatically. Otherwise, hackers with the right software can easily hack your phone, as security experts have warned us for more than a decade.
5) Leaving Bluetooth connections open.
Bluejacking, Bluesnarfing, Bluebugging. These are all words that describe a hacker exploiting the open Bluetooth connection on your phone. While this type of hack requires the intruder to be relatively close to you (less than 30 feet away), the intrusion can occur undetected in a busy airport, hotel lobby, restaurant, or at a conference.
6) Failing to properly purge data from old smartphones.
This is a very common mistake. Many people fail to remove sensitive, personal data from their smartphone before taking it out of service, donating it or selling it. Short of physically shredding your device (which is the only surefire way to delete all your data in an irretrievable manner). For a how-to guide, click here. Deleting data before getting rid of your phone is simple common sense.
7) Downloading "free" apps that aren't actually free.
Some Apps that call themselves "free" are actually little more than thinly-disguised data thieves. Downloading one gives the app complete access to your phone, which a fraudster can use to steal your credit card and bank account info. Such apps also can turn your phone into a launch pad from which scammers can attack other peoples' phones with SMS texts and Smishing scams. Be smart and discreet about what you download. Read reviews first, and make sure the apps you download come from reputable sources.
8) Storing sensitive data on phones.
Many people store passwords, pins, Social Security numbers, credit card or bank account information on smartphones. It may be a document created expressly for this purpose, or it could be an email they themselves from their computers. On a phone, emails and downloaded documents are especially easy for thieves to find and steal, especially if the phone is not password protected. Some people even label the document or email "passwords," making them especially easy prey for hackers and scammers. Make sure to delete all documents and emails containing sensitive information from your phone.
9) Failing to clear browser history.
Not clearing the browser history on your phone can be just as dangerous as staying logged into the website of your bank or your favorite store (see mistake #3). By retracing your steps, a phone thief can use your history to hijack your accounts, steal your money and wreck havoc. To learn how to delete your history on an iPhone, click here. Android users can click here.
10) No remote wiping software.
Various apps and services enable you to locate your phone, and also wipe its data clean, if it's lost or stolen. Tech-savvy hackers may be able to disengage these applications, but it's just one more layer of protection you can use to reduce your risks if you ever lose your phone. For more information on how to disable your phone remotely, read this story.
At the end of the day, it doesn't matter how many anti-identity theft laws we passed, or how vigorously those laws are enforced. The ultimate guardian of the consumer is the consumer herself. Your identity is your asset. It is up to you to vigorously defend and protect it. You can take major steps toward protecting yourself by avoiding these stupid smartphone tricks.
Adam Levin is chairman and cofounder of Credit.com and Identity Theft 911. His experience as former director of the New Jersey Division of Consumer Affairs gives him unique insight into consumer privacy, legislation and financial advocacy. He is a nationally recognized expert on identity theft and credit.