Protect Your Mobile Device Data

Photo credit:Andres Rueda, Flickr

It is a fact: Cyber criminals want to steal valuable data from mobile devices. Just like they want to (and frequently do) steal it from PCs and corporate databases.Here are some tips to help consumers and companies protect their data on mobile devices. Of course, these steps don’t eliminate all risk or work for every circumstance.

Top 6 smartphone security/privacy tips for users

1. Use a trusted network, either the mobile carrier’s data network or a trusted WiFi connection (home, office). An attacker can a fake popular free WiFi spots and, if you connect, potentially steal information.
2. Put a strong passcode on your phone, with “wipe after x number of failures” option selected if available.
3. Check our FREE appWatchdog service to see if an app protects your data.
4. Be very cautious about clicking on links in emails and especially in SMS. It is better to type them into your browser, do a Google search or bookmark frequent sites. Mobile users are far more susceptible to phishing scams via mobile URLs.
5. Alternative browsers like Opera may offer some security through scarcity. Malware is usually directed to the systems that get the highest number of users, so the built-in browsers are more likely to be targeted. This does not provide a high level of additional security.
6. If using Android, make sure the permissions an app requests are consistent with its function. For example if a game wants access to your SMS or Contact list…why would it need that?

 

Top 5 smartphone security/privacy tips for companies

1. Perform a mobile security audit to:
   • Understand what types of corporate data are stored on the device
   • Determine where that data can end up – on home computer in backups
   • Test the effectiveness of security measures such as remote wiping
2. Recognize that most smartphones are a ubiquitous and portable USB drives capable of storing large amounts of data. Consider disabling the USB drive capability on their corporate computers, or use a monitoring solution like liveForensics to track USB activity.
3. Realize that newer devices allow users to create a new network connection for a computer in the workplace and thereby circumvent the entire security measures a company may have invested in (firewalls, data loss prevention software, etc.)
4. Manage smartphone risks by:
   • Approving only devices that allow controls such as enforcing PIN/Pass and remote wipe
   • Requiring users update to latest version of the phone system
   • If the device allows for remote management, enabling those features
5. Update corporate/IT policies: We strongly advise to review and update the following policies (and perhaps others) to account for the new devices and risks.
   • Acceptable Use Policy
   • Data Security Policy
   • Backups and Data Retention Policy

More information on mobile device security issues can be found in our blog. If you believe we can be of assistance to your company, please contact us.