Mobile Security: 10 Simple Things You Can Do:

BYOD (Bring-Your-Own-Device) concept is a popular trend in recent times. As per surveys just 23 percent of enterprise employees are using company sanctioned mobile devices, remaining 77 percent of employees using their own devices.

Mobile devices are more prone to malware attacks compared to earlier. Either you are using your personal mobile device or company sanctioned mobile device at work, you should be aware of latest security threats.

To understand the threat better, it’s important to review the stats found in recent study of IT Professionals:

1. 51% organizations had experienced data loss, 59% organizations experienced an increase in malware infections as a result of insecure mobile devices in the workplace.
2. Found 59% employees circumvent or disengage mobile security features, such as passwords and key locks, on corporate and personal mobile devices.

A single successful mobile attack can open the door to possible identity theft or worse, results in financial loss to either you or your organization.

Most of the mobile devices vulnerable because of the apps, users use to download from the internet.

In case of iPhone Apple strictly controls and inspects its App store which apps are approved for listing, but it’s not clear exactly what security measures they are checking for.

Android is more open with more distribution channels including third-party market places. Security researchers startled to find that Android malware (malicious apps) grew 3,325 percent in 2011 alone.

 App store have been very quick to remove malware once discovered, but that is typically after the damage is done.

 F-Secure has found that between Q1 2011 and Q1 2012, the number of Android malware families has increased from 10 to 37, and the number of malicious Android APKs has increased from 139 to 3,069.

For full F-Secure mobile threat PDF report, check the below link:

http://www.f-secure.com/weblog/archives/MobileThreatReport_Q1_2012.pdf

It’s time to start protecting our smartphones just like we all learned a decade ago to protect our laptops and PCs from online threats and to think seriously after looking at the sobering facts on rising mobile attacks.

10 Ways to Secure Your Mobile Gadget:

1.    Use Password protected access controls:

All mobile devices come with the ability to set a lock requiring a passcode or pattern for access. Some mobile users don’t employ even this basic safety feature! It may take you a couple extra seconds to unlock your smartphone before using it, but it could take a thief a very long time to figure out your PIN.

PINs aren’t the only locking mechanisms in use.

 Grid-based pattern locks work fine, but they leave smudge marks on the touchscreen that may be easier to guess than passwords.

 Some devices are rolling out facial recognition as an access mechanism, but this technology isn’t perfected yet so it’s not recommended.

 2.  Control Wireless Network & Service Connectivity:

 Turn Wi-Fi off completely and turn it on only when you need it, which will also save your battery power.

 It’s safest to set your phone to automatically connect only to your trusted networks, and to ask you before connecting to any other network it finds. The general rule is to limit your phone’s automatic connection capabilities to just the networks that you know.

 Select Bluetooth connectivity option also manual.

3.    Control Application Access & Permissions:

 Many of the apps store sensitive data that must be protected.

 Most of the apps require a network connection to operate. They may store data in the cloud, constantly track your location, or push updates to your smartphone. Get to know the permission settings of each app or service and what data or systems they access. You may be permitting services to access your phone without prior approval, or your apps may be pushing alerts and updates when you aren’t specifically requesting them. You can restrict all notifications at once by looking under your device’s settings.

 Turn off location based services entirely as well, so your phone isn’t constantly broadcasting your GPS location, no matter which apps request it.

4.  Keep Your OS & Firmware Current:

 Your device has an operating system that runs all of its apps and services, as well as firmware which runs the device hardware itself. It’s definitely important that you routinely accept the major updates from Apple, Google, or whoever the manufacturer is.

 Criminals are innovative; their attacks are at an alarming rate, with growing sophistication. Connect often and download security patches and other minor updates that are released to block the latest exploits. Most of these updates will be free of charge. No manufacturer wants a major attack to cripple its users, so they have a vested interest in helping you stay up-to-date.

 Android users currently using outdated firmware and OS versions that can’t be updated due to hardware incompatibility. Upgrade your device every couple years, if and when promotions are offered by your carrier.

5. Back Up Your Data:

 Small and compact, mobile devices are easy to lose or steal. Take time to backup your data, it is useful in case your phone lost, stolen or corrupted. Take data backup daily, weekly or monthly depends on your mobile usage.

6. Wipe Data Automatically if Lost or Stolen:

 Enroll your phone in a “find my phone” service. It will help you to locate your device when it is lost or stolen. These services typically have the ability to wipe your phone data remotely.

On some devices you can add extra protection such as a total device reset if the PIN is guessed incorrectly a certain number of attempts.

7. Never Store Personal Financial Data on Your Device:

 As a behavior that all mobile users should adopt, this one is pretty straightforward. Never store personally identifiable information such as such as Social Security Numbers, credit card numbers, or checking account numbers on your smartphone, especially in text messages.

8.  Beware of Free Apps:

 The problem is, more and more free and innocent apps are trying to make money from their offerings, so sometimes they track your personal information with limited disclosure or authorization, then sell your profile to advertising companies. The app developers in question may not even be aware of their privacy violations – leaking your location, gender, age and other personal data to embedded mobile ad networks while in the pursuit of revenue. Free apps are just wrappers for malware, unfortunately.

9.  Try Mobile Antivirus Software or Scanning Tools:

 The well-known PC antivirus vendors are now offering similar services to mobile users that scan and protect your smartphone just as they did your desktop.

 Some even offer additional mobile security services such as download protection, SMS/call-screening services, parental controls, and anti-phishing features.

10. Use MDM Software:

Mobile Device Management or MDM is being increasingly employed by IT departments to secure, manage and support all mobile devices that are authorized to access enterprise networks. These services control and protect sensitive and confidential business data by distributing mobile application.

 The goal of MDM is to optimize the functionality and security of your mobile computing experience, not to impede the way you like to work.

 If your organization doesn’t offer MDM, there are other options like SIM card locks and credential storage functions protect the phone by requiring a passcode to use network dependent services, and operate similar to screen/key access PINs. SIM locks prevent anyone from making unauthorized calls with your smartphone, or from removing your SIM and using it in another phone.

source: veracode,f-secure