Summary: As smartphone usage grows in the business, many users still don’t understand proper security practices. If not addressed, this problem could put their (and your company’s) sensitive data at risk. Learn how your users can better protect themselves from mobile security threats.
The rise of smartphone and tablets in the business opens up a new world of opportunity. We’ve seen businesses use them for all sorts of tasks. For instance, we’ve seen businesses use smartphones to:
- improve productivity,
- automate manual processes,
- improve data accessibility,
- and much more
But, besides all these benefits, smartphones create something else: new security risks.
As more employees adopt smartphones, many still aren’t aware of proper security practices. If not addressed, this problem could put your sensitive corporate data at risk.
Today, let’s uncover some mobile security tips that could help you avoid a security breach. Now, this is a broad topic, so I’m breaking it up into two articles. We’ll cover some security tips now, and the rest in an upcoming article. Sounds good? Alright, here are 7 security tips for mobile users:
1. Be wary of public WiFi (and bluetooth)
Public WiFI hotspots are convenient…but insecure. Here’s a good rule of thumb when using public WiFi: Assume someone is watching.
Does that sound a little paranoid? Consider this: A few years back, researchers created a Firefox plugin called “Firesheep.” They built it to highlight the security risks of public WiFi. What does it do? Firesheep lets anyone watch your activity on an unencrypted network (like public WiFi). No hacking skills needed.
That should make you think twice before pulling up sensitive information on a public network.
“Every hotel, bar, restaurant and park will probably offer up free Wi-fi, but with the ease of setting up a hotspot, this has become a cheap and easy way for thieves to access the personal information on your device,” says Gavin Kim, President, International and Chief Commercial Officer of NQ Mobile. “While shorter-range and device-to-device, Bluetooth carries with it the same risks. The scammer need only get access, then anything you have stored is ripe for the taking. Especially if doing something like mobile banking, use your device’s data connection instead of a random open WiFi hotspot. But as a general rule, when in doubt, turn your WiFi and Bluetooth connections off.”
2. Use a VPN
So, should you avoid all public WiFi? Not necessarily. If you must use public WiFi, protect yourself with a Virtual Private Network (VPN). As explained below, a VPN installed on the device will help protect you from the risks of public hotspots.
“It’s very important that employees turn on a personal VPN service when they connect to public WiFi,” says Sunday Yokubaitis, President of Golden Frog. “Public WiFi hotspots at places like coffee shops and airports are notoriously dangerous for mobile users. Any business that has employees who work remotely at these types of locations should install a personal VPN service on their employees’ mobile devices. A VPN will encrypt the Internet connection so business tasks like email communication, data and file transfers and Web browsing are kept private and secure. VPNs are a known commodity to techies, but the key for a company to realize the full benefits of a VPN is choosing a service that is straightforward to setup and simple to use to so all employees are comfortable using it.”
3. Secure your device with a password
Here’s a shocking statistic: 3.1 million American consumers were victims of smartphone theft last year. That number will rise this year.
What’s worse: Most consumers still do not lock their phones. They don’t use passwords, pass codes, unlock patterns, etc… What does that mean? If their phones are ever stolen, the thief has instant access to everything on the device.
“The single most important thing you can do to protect your mobile security and privacy is to set a passcode lock to protect your device from unauthorized access,” says Kim. “But according to our survey, 44% of people still don’t take this super simple step. Whether snagged by a thief or picked up by a stranger after you’ve left it behind, your unlocked phone is an open invitation into the intimate details of your life. Every device will have an option in its security settings for some sort of passcode, pattern or even facial recognition to access the device’s functions. If you don’t have that option enabled, you’re inviting a world of problems.”
4. Use Lock/locate/wipe software
The best security advice: Assume your phone will get lost or stolen. How will you get it back? How will you ensure that your (or the company’s) sensitive data isn’t compromised? As explained below, you must be able to remotely locate or wipe your phone if necessary.
“Devices should be configured so that they can be remotely locked, located and wiped in the event of loss or theft,” says Paul Hill, Consultant with SystemExperts. “All staff should be taught to promptly report a loss or theft so that the device can be remotely locked, wiped, or located, in a timely manner.”
5. Don’t store sensitive corporate data on the device
Even if you take the above precautions, a determined thief could still access data on a phone with the right tools. The best defense: Don’t store sensitive corporate data on your device in the first place.
What does this mean for the business? How do you give employees access to the data they need while maintaining security?
“I recommend that organizations treat employee devices as doorways, not destinations,” says Tyler Wassell, Software Development Manager at mrc. “By that I mean, employees should be able to access the data they need through their mobile device, without storing it on the device itself. As an example, we provide our employees with secure mobile web apps. They can login and access data through their mobile web browser, without downloading anything to their device. In this way, we keep our data secure while giving them the access they need.”
6. Be cautious with apps
“The mobile webscape is cluttered with enticing offers of free downloads,” says Robert Siciliano Identity Theft Expert with Hotspot Shield. “A minority are fraudulent and it’s impossible to tell which are which. Never download from mobile-only sites or those crammed with ads. Download only from app stores you trust.”
Going one step further, you should approach every app download with caution–even those from reputable app stores. Why? Once installed on your phone, apps can access most everything on the device. Carefully inspect how much access an app requires before installing it. The app’s access requirements might surprise you.
“One very important security item that is often overlooked involves the apps that you download to your phone,” says Bev Robb, Owner of Teksquisite Consulting. “It is crucial to carefully review the Terms of Service and privacy policy for each app prior to downloading them.”
7. Use anti-malware software
As smartphones become more popular, the amount of smartphone-specific malware grows. We’ve reached a point where our phones need malware protection almost as much as our PCs.
“Use an anti-malware as smartphones are used much like computers today and are subject to the same risks – much of our data is today submitted through our hand-held devices in form of e-mails, passwords and credit card details,” says André Elmoznino Laufer, Security Expert at SaferVPN. “Of course, have it scan every once in a while and keep it updated. Additionally, make sure to enable a firewall, either the one included in your OS or invest a few bucks and get an anti-malware that includes one.”
So, what do you think? Is there anything you would add to this list? If so, please share your thoughts in the comments.
Pingback: 7 security tips for mobile users (part 1) | Per...