Home Blog Smartphone Security: What You Need to Know

Smartphone Security: What You Need to Know

June 02, 2022
Young woman holding smart phone with launched security application at home. Concept of controlling and managing home security from a mobile device

Smartphones are an undeniable staple in our lives. We use them to stay connected with friends and family, to get work done, and to access hours of entertainment, as anyone who has fallen victim to the endless scroll knows all too well. With the increasing reliance on smartphones, we need to consider cybersecurity. After all, our phones contain a lot of personal and sensitive information. Unfortunately, smartphone security is often overlooked.

Learn the security risks that threaten smartphones, and, most important, what you can do to protect yourself. Taking simple precautions can help to keep your data safe from cyber criminals.

Smartphone Security Flaws

Smartphones have the same security flaws as other internet connected devices. The different security threats that smartphone users need to be aware of include:

  • Malware
  • Phishing attacks
  • Social engineering
  • Physical device theft

Let’s explore each of these in greater depth to better understand how to prevent each type of attack or risk.


Malware, known in full as malicious software, is any type of software that brings harm to a device. And with the prevalence of smartphones, cyber attackers have developed a variant known as mobile malware. This type of malware is designed to attack specific operating systems and mobile software. Research shows that the Android operating system is the target for most mobile malware.1

Mobile malware includes root malware, a type of software that allows hackers to access files via administrative privileges. Other mobile malware can give attackers allowances to perform transactions and to communicate without the smartphone owner’s knowledge.1

Phishing Attacks

In this type of cybersecurity attack, perpetrators impersonate a legitimate person or business in the hopes of getting you to give up your credentials, whether it be a PIN or a password.2 If you work in an office setting, you have likely had some training on how to spot a phishing email or website, but it is easy to fall into complacency and accidentally reply to this type of email or click on a link that you shouldn’t. Take that attack out of the work setting to your smartphone when you’ve kicked your feet up for the day, and it becomes easy to see how attackers can successfully penetrate our defenses.

Social Engineering

This umbrella term covers a number of exploits and depends on your willingness to be helpful in order for the attack to work. Social engineering attacks are designed in order for the attacker to get your credentials to attack a digital or physical target. Using soft skills, the attacker works to get initial access and then will employ hard skills to escalate the attack.3

Phishing, which we already discussed, falls under this social engineering umbrella. A variant of phishing—spear phishing—sees an attacker targeting one “fish” at a time, rather than casting a wide net, meaning that the attack will be more sophisticated. This type of social engineering attack can occur via email, phone call, or text. Emails are carefully crafted to look like they came from your workplace, phone calls are made to capitalize on a sense of urgency, and SMS text messages are sent to fake a login verification. All of these methods are used in the hopes of getting your credentials.

Physical Device Theft

This type of security risk is fairly obvious, but cannot be overlooked. Having your physical device stolen or losing your device opens you up to a myriad of risks if you have not prepared for these eventualities. Devices and the apps on them, if not properly secured at all levels, offer up a delicious data buffet to nefarious attackers.

Securing Your Smartphone

Being vigilant of cyberattacks 24/7 can make even the most stalwart IT professional weary, so what hope is there for the everyman?

Fortunately, there are a few simple security-enhancing measures you can take to secure your smartphone against all of the threats listed above. These include:

  • Using a strong password or passcode to lock the device
  • Installing a security app as you would on your computer
  • Keeping your OS and apps up to date
  • Being careful of what you download and install on your phone
  • Backing up your data regularly
  • Be aware of how to shut down your phone in the event of the theft

Keeping your OS up to date is especially important for smartphone security. While it may seem like a hassle to download and install updates, it will save you lots of extra work in the long run should your outdated OS be hacked.

With these simple measures in play, and a general awareness of the tactics cyber attackers use to get to your protected information, you will stay a step ahead in maintaining the security of your mobile device.

Specialize in Data and Privacy Law with Cardozo School of Law

Unsecured smartphones can impact more than just the individual user, especially if they are using their phone for work. According to the Verizon Data Breach Investigations Report, 85 percent of company data breaches have a human element involved, meaning there is a great need for organizations to focus on mitigating the impact cybersecurity risks posed by their own employees.4 Step up to be part of the risk mitigation solution for smartphones, work computers and other internet-connected devices with an online Master of Studies in Law (MSL) in Data and Privacy Law from Yeshiva University Cardozo School of Law.

Earning a master of studies in law with a specialization is an excellent way to set yourself apart in your field. As such, the Cardozo online MSL focuses on data and privacy law, breaking down the complexities of cybersecurity and data and privacy laws to allow students to excel in IT, cybersecurity, HR, operations and more.

Cardozo’s MSL program is designed by industry leaders and combines theoretical and practical perspectives on compelling topics, including international data protection, cybersecurity, internet law and much more. As a Cardozo student, you’ll study with our top-ranked faculty and build connections with your fellow students in small group settings that focus on engagement. Gain the skills and confidence to make smarter decisions about data operation and management—in your current professional role or your future career as a data specialist.

Connect with an Admissions Advisor to learn more about the online MSL in Data and Privacy Law.

  1. Retrieved May 25, 2022, from techopedia.com/definition/29477/mobile-malware
  2. Retrieved May 25, 2022, from techopedia.com/definition/4049/phishing
  3. Retrieved May 25, 2022, from techopedia.com/definition/4115/social-engineering
  4. Retrieved May 25, 2022, from forbes.com/sites/forbestechcouncil/2021/09/13/how-likely-is-your-employee-to-cause-a-data-breach/?sh=64a9bdc42c63