Comedy fans might recognize the phrase “have you tried turning it off and on again” from the British sitcom The IT Crowd, but what if that advice came from the National Security Agency (NSA) and was directed at all smartphone users?
More importantly, if you follow the NSA’s suggestion, will it really protect you from malware and spyware in 2024 and beyond?
The NSA’s advice to reboot smartphones originated in a 2020 mobile device best practices guide.
If you have trouble accessing the PDF through the provided link, there’s an alternative route to the document via the NSA press room, although it requires a few more clicks.
With smartphones across all operating systems becoming increasingly popular targets for cybercriminals, the NSA emphasized that while many features on these devices offer convenience, they often compromise security.
The guide outlined simple, non-technical steps that even the least tech-savvy users could take to safeguard their devices and the data they contain. Earlier this year, I covered the NSA’s advice, and the response to that article continues to pour in.
Security experts and smartphone users alike have reached out, some thanking me for highlighting the warning, while others criticized me for not delving deeper into what rebooting can’t protect against. All perspectives are valid, and I hope this article will offer greater clarity.
First off, let me say that the NSA’s guide deserves high praise. The advice is not only sound but also presented in a way that is accessible to all.
The NSA used an icon-based system to communicate what users should avoid, disable, do, and not do.
The “do” list includes using strong PINs and passwords, enabling biometric locks, and keeping software up to date.
On the “do not” list, the advice covers avoiding actions like rooting or jailbreaking your phone and not clicking on unknown links or opening suspicious attachments.
What caught my attention the most, however, was the “disable” icon, which suggested that users turn their devices off and on again weekly.
On the second page of this visually rich document, the NSA took a tabular approach to explain what actions smartphone users should take to mitigate threats.
The iconography here was divided between “sometimes prevents” and “almost always prevents.” In terms of rebooting your smartphone regularly, the advice falls under the “sometimes prevents” category.
This action is recommended because it can help mitigate risks like spear phishing attacks that install malware or prevent zero-click exploits. However, the NSA never claimed this was a one-size-fits-all solution or a comprehensive security fix.
Rebooting your phone regularly might not stop every threat, but it’s a useful step in a broader strategy to protect your device from evolving cyber risks.
