by Anthony Passalacqua, Risk Management Representative
As smartphones continue to dominate every aspect of our free time, it is mind-boggling to think of just how much information is stored on our devices. Yet we are so complacent about their security.
One constant and common theme in cyber security is the concept of layers—passwords, firewalls, Internet security software. The more layers you have protecting your personal information, the more time and resources are needed by cyber criminals to get into your device—and the more likely they are to move on to an easier target. Luckily, your mobile phone comes equipped with tools for encryption that take a few minutes to an hour to initiate and add an important layer of security to your device.
What is encryption?
“Encryption is the conversion of electronic data into another form, called ciphertext, which cannot be easily understood by anyone except authorized parties.” (1) Ciphertext is only converted back to its original readable form when the key to decipher it is used (usually a PIN or password). If you encrypt your phone you will also want to have a good PIN or a strong password that can’t be easily figured out by a cyber criminal.
An interesting fact: a 4-digit PIN offers only 10,000 different combinations, which seems like a lot. But simple logic dictates that your PIN could be guessed. According to Popular Science, 20% of PINs use one of the following combinations: 1234, 0000, and 1111. Adding in the use of couplets (e.g., 7878, 8181) adds an additional 17.8%. (2)
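The pattern classes named above can be checked mechanically when a PIN is chosen. The following is an added example, not part of the original article: it classifies a 4-digit PIN and counts how many of the 10,000 possible values fall in each class. It assumes "couplet" means the ABAB form shown in the article's examples; the "repeated-digit" and "sequence" classes are additions that go beyond the article.

```python
from collections import Counter

# The three PINs the article singles out as most common.
TOP_PINS = {"1234", "0000", "1111"}


def classify_pin(pin: str) -> str:
    """Return the weakness class of a 4-digit PIN, or 'ok' if none matches."""
    if len(pin) != 4 or not (pin.isascii() and pin.isdigit()):
        raise ValueError("expected exactly four ASCII digits")
    if pin in TOP_PINS:
        return "top-3"
    if len(set(pin)) == 1:
        return "repeated-digit"   # e.g. 7777 (added class, an assumption)
    if pin[:2] == pin[2:]:
        return "couplet"          # ABAB form, e.g. 7878, 8181
    # Digit-to-digit steps modulo 10, so wrap-around runs such as 8901 count too.
    steps = {(int(b) - int(a)) % 10 for a, b in zip(pin, pin[1:])}
    if steps in ({1}, {9}):
        return "sequence"         # e.g. 2345 or 9876 (added class, an assumption)
    return "ok"


def keyspace_breakdown() -> Counter:
    """Count how many of the 10,000 possible PINs fall in each class."""
    return Counter(classify_pin(f"{n:04d}") for n in range(10_000))


if __name__ == "__main__":
    for name, count in keyspace_breakdown().most_common():
        print(f"{name:15s} {count:5d}  ({count / 100:.2f}% of all PINs)")
```

The top-3 and couplet classes together cover only 93 of the 10,000 possible values, which is why the usage percentages cited above make those PINs the first ones to avoid.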
What type of data is stored on my phone?
How many accounts on your phone are open 24/7 or don’t require a login? This may include e-mail accounts, shopping apps, sites that store your credit card information, and social media. Photos, documents, and other media may be uploaded to cloud storage without your knowledge. Of additional concern, your phone may be tracking your every movement. A Today show segment discussed how this is occurring and how to turn your location services off.(3)
Awareness of the type of information on your smartphone allows you to take additional steps to protect that information. For instance, if you use your cell phone for banking, make sure you log off once you are done. Understanding how and if your credit card information is stored on different accounts can allow you to take adequate steps to not “save” the information. When purchasing, it is a better option to manually key in each transaction instead of storing the credit card information on the website.
Encryption and how it applies to HIPAA
Do you use your phone for work-related purposes? What type of information is created, stored, or transmitted? Do you text PHI (i.e., responses to patient-related questions), take pictures, or save information to a chart? If so, encryption and decryption is an addressable item under the HIPAA Security Rule.(4) Additional software may also include HIPAA-compliant portal access and messaging, provided/purchased with your EHR and other HIPAA-compliant platforms.
Before you encrypt, check with your IT department to ensure that encryption will not interfere with other programs. Once that is complete, make sure to do, or be aware of, the following.
- Back up all pertinent information. In rare cases, the encryption process may not work, and can cause some files and programs to be lost or destroyed. Before you encrypt, save and back up all of your important information.
- Be aware that it may cause slower performance, especially in older cell phones.
- You cannot undo encryption. If you decide encryption is not for you, you may have to do a factory reset to remove encryption from your phone. In many phones this is done by going to your settings and searching for factory data reset or factory reset.
- Ensure your cell phone has a good charge—more than 80% is suggested. It is also suggested to encrypt your phone during a time when you are not going to need it. You will want to have your phone connected to a charger throughout the encryption process.(5)
Depending on several factors, including internal storage and processing speed, the encryption process can take a few minutes or a few hours. Prepare to be without your phone during this process.
How to encrypt Android devices
First, go to your phone’s “settings” and search for “encrypt phone” or “security.” If you do not have an encrypt option, then your phone may already be encrypted.
Additional directions can be found at howtogeek.com or by entering your phone model and “how to encrypt” into a search engine. The directions can vary from screen to screen, so the screenshots provided on this site may differ slightly from what you see on your own device. Once you are done with the encryption process, you will be asked to choose a screen lock option. (5)
- If your cellphone is rooted, you will have to “unroot” your phone. According to Bullguard Mobile Security, rooting is the process that allows a user to gain root access to an Android operating system. If you are unsure if your phone is rooted, then more than likely it is not. It is an advanced skill for tech-savvy users. (6)
How to encrypt an iPhone and other Apple devices
One of the perks of Apple products is that many of their devices are encrypted out of the box. To ensure your device is encrypted, the How-to-Geek website provides instructions to help you verify your security settings. (7)
If you have any additional questions about cyber security, please contact firstname.lastname@example.org.
- Your smartphone may be tracking your every move, NBC’s Today Show, November 17, 2015.
- Your Mobile Device and Health Information Privacy and Security, HealthIT.gov, March 21, 2014.
1. Rouse, M. Definition Encryption. Search Security. TechTarget Network. April 06, 2017. Available at http://searchsecurity.techtarget.com/definition/encryption. Accessed September 5, 2017.
2. Lecher, C. The fastest way to crack a 4-digit PIN number [infographic]. Popular Science. September 20, 2012. Available at http://www.popsci.com/technology/article/2012-09/infographic-day-fastest-way-crack-4-digit-pin-number. Accessed September 5, 2017.
3. Rossen, J and Billington, J. (2015, November 17). Your smartphone may be tracking your every move April 06, 2017, from http://www.today.com/money/your-smartphone-may-be-tracking-your-every-move-t17056. Accessed December 12, 2017.
4. Centers for Medicaid and Medicare Services. HIPAA Security Series Security Standards: Technical Safeguards. Available at https://www.hhs.gov/sites/default/files/ocr/privacy/hipaa/administrative/securityrule/techsafeguards.pdf. Accessed September 5, 2017.
5. Summerson, C. How to Encrypt Your Android Phone (and Why You Might Want to). How to Geek website. April 17, 2016. Available at https://www.howtogeek.com/141953/how-to-encrypt-your-android-phone-and-why-you-might-want-to/. Accessed September 5, 2017.
6. The risks of rooting your Android phone. Bullguard website. Available at http://www.bullguard.com/de/community/security-center/mobile-security/the-risks-of-rooting-your-android-phone-bullguar?lang=de-de. Accessed September 5, 2017.
7. Klein, M. (2016, July 3). PSA: Encrypt Your PC, Phone, and Tablet Now. You’ll Regret It Later If You Don’t. April 06, 2017, from https://www.howtogeek.com/260507/psa-encrypt-your-pc-phone-and-tablet-now.-youll-regret-it-later-if-you-dont/
Anthony Passalacqua can be reached at email@example.com.