{"id":8300,"date":"2014-09-09T10:00:56","date_gmt":"2014-09-09T15:00:56","guid":{"rendered":"http:\/\/www.mrc-productivity.com\/blog\/?p=8300"},"modified":"2022-11-22T11:20:46","modified_gmt":"2022-11-22T17:20:46","slug":"7-more-security-tips-for-mobile-users-part-ii","status":"publish","type":"post","link":"https:\/\/www.mrc-productivity.com\/blog\/2014\/09\/7-more-security-tips-for-mobile-users-part-ii\/","title":{"rendered":"7 more security tips for mobile users (Part II)"},"content":{"rendered":"

\"Education\"Summary: Users have notoriously bad security habits. The problem is, many of these users are now bringing their personal devices–and their poor security habits–into the workplace. Learn how these users can better protect themselves (and your data) with these simple tips.<\/em><\/span>
\n<\/a>
\nEvery time a list of user passwords gets leaked, we\u2019re reminded of one scary fact: Users have horrible security habits. For example, can you guess the most popular password in 2013?<\/p>\n

\u201c123456.\u201d<\/p>\n

\"photo
photo credit: The Daring Librarian<\/a> via photopin<\/a> cc<\/a><\/figcaption><\/figure>\n

But wait, it gets worse. The next two most popular passwords: \u201cpassword\u201d and \u201c12345678.\u201d<\/p>\n

Yes, user security habits are that<\/em> bad.<\/p>\n

Why is this becoming such a problem?<\/p>\n

Well, these users–the same ones who feel that \u201c123456\u201d is a good password–are now bringing their personal devices into the workplace. Many even use their personal devices for work-related tasks. <\/p>\n

Along with these devices, what else do they bring to your business? Their poor security habits. What happens if they store sensitive data on their devices? What happens if they use unauthorized devices for business? <\/p>\n

Without proper security habits, this could cause problems for your company. These problems could range from minor inconveniences to major security breaches.<\/p>\n

So, how can users improve their security habits, and better protect your company data? As this is such a broad topic, we split it into two articles. In the first article, we outlined 7 important security tips for users<\/span><\/a>. Today, let\u2019s explore 7 more advanced (but still important) security tips that will help protect users and your company data.<\/p>\n

1. Encrypt your data<\/h3>\n

Here\u2019s a great question to ask: What happens WHEN you lose your mobile device? As mentioned in the first article, password protecting your phone is the first line of defense. <\/p>\n

But, what happens if an attacker manages to access your device\u2019s memory or SD card? If left unencrypted, your data is free for the taking.<\/p>\n

\n\u201cI’d recommend smartphone users encrypt their data; Android has this by default and you can choose to do the entire phone or just what is stored on an external SD card,\u201d says Brandon Ackroyd, Head of Customer Insight at TigerMobiles.com<\/span><\/a>. \u201cThe data is scrambled and only if the right password is entered is it decrypted. Apple allow this too, and emails, texts etc are already encrypted if you have a passcode switched on. You can take it a step further and encrypt the entire phone with use of a third party app.\u201d\n<\/p><\/blockquote>\n

2. Back up your data<\/h3>\n

Most people don\u2019t think about data backups until they need it–when they\u2019ve lost their device or their data. But by then, it\u2019s already too late. Any data that\u2019s only stored on the device itself is at risk if not backed up.<\/p>\n

\"photo
photo credit: FutUndBeidl<\/a> via photopin<\/a> cc<\/a><\/figcaption><\/figure>\n

\u201cNQ Mobile’s survey showed that the number one thing that frightened people when it came to the valuable data on their phones was losing their contacts – yes, even more than having their photos or videos get posted publicly,\u201d says Gavin Kim, President, International and Chief Commercial Officer of NQ Mobile<\/span>. \u201cAnd similar to locking your phone, this is an easy problem to fix. If your device doesn’t come with backup capabilities, download a backup app from a reputable app store or your wireless carrier. This way, if the worst happens, this is one less thing to worry about.\u201d<\/P>\n<\/p><\/blockquote>\n

3. Watch for Vishing and Smishing<\/h3>\n

By now, most people are familiar with \u201cphishing\u201d scams. Would-be attackers send fake emails hoping to trick their suspects into sharing personal data. While most consumers know not to click on questionable email links, we must now protect ourselves against similar threats: Vishing and Smishing.<\/p>\n

\n\u201cWhile basically no one falls for email phishing schemes, we all let our guard down when it comes to text messages and phone calls,\u201d says Kim. \u201cAnd scammers have taken note, responding with vishing (voice phishing) and smishing (SMS Phishing) schemes. Common cons include bogus websites that target travelers through enticing offers for events and attractions and even fake phone calls from your bank where the faux representative collects personal information then uses that to wreak havoc on your financial well-being. Combat these threats by treating your smartphone as you would your computer – don’t open questionable links, verify the url you go to is the url that you think, let poor grammar and misspellings be red flags, and don’t respond to unsolicited requests for personal information no matter what the Caller ID or email address shows.\u201d\n<\/p><\/blockquote>\n

4. Double Check the URL field<\/h3>\n

URL redirects are a common tool for attackers. They display a seemingly harmless URL, which redirects you to a different site once selected. While easily detected on a PC, the small screen size of a mobile device make them prime targets. <\/p>\n

\n“Be sure that the mobile site you are on is in fact the correct mobile site,\u201d says Steve Pao, GM of Security Business at Barracuda<\/span><\/a>. \u201cMobile phone internet browsers do not display the entirety of the URL, leading users to believe that the first snippet of the URL is taking them to the correct landing page. This isn’t always the case. Targeted spear phishing attacks that look like legit social sites can ask you to enter your user name and passwords as if you were logged out, and now have your sign on information.<\/p>\n

Mobile users are often times multi-tasking with their phones in one hand and doing something else with their other, not paying attention to what’s going on on screen. In turn, people accidentally click through an in-app purchase or click on a ads that could take them to a compromised site. Best thing is to pay attention to what it is that you do on your phones. Mobile malware is picking up traction and is becoming more advanced. Don’t think because you are on your phone that you are invincible. Proceed with caution.”\n<\/p><\/blockquote>\n

5. Understand where your data lives<\/h3>\n

As cloud-based storage services become integrated into mobile devices, we face a problem. More and more, users don’t know where their data lives. Many unwittingly place sensitive data on the cloud, thinking it’s only stored on their device. Are they storing sensitive corporate data in an insecure cloud service? Does that service meet business security requirements?<\/p>\n

\"photo
photo credit: FutUndBeidl<\/a> via photopin<\/a> cc<\/a><\/figcaption><\/figure>\n

\u201cIt is important for business users to understand where and how their data is being stored,\u201d says Paul Hill, consultant with SystemExperts<\/span><\/a>. \u201cIt is important for a business to be able to respond to e-Discovery requests, be able to ensure data is properly retained and destroyed when appropriate, and ensure proper access controls are applied. Many applications are now integrated with a variety of consumer-grade cloud storage services that may not meet all business requirements. It can be difficult for some users to understand where data is being stored, and what data may be available to third parties. If the business doesn’t provide a list of approved software and services, users should consult with their managers or their IT department to learn about the risks and make an informed decision.\u201d<\/p>\n<\/blockquote>\n

6. Use different passwords across sites<\/h3>\n

While more of a general security tip, it\u2019s one that you can\u2019t ignore: Avoid universal passwords. Your password must vary from service to service. Why? Well, what happens if hackers access your email password? Can they use that same password for your bank account? How about your social sites? Using different passwords limits your risk in the event of a data breach.<\/p>\n

\n\u201cIf you’re using cloud backup services – use different passwords rather than having one universal password that you use for everything,\u201d says Ackroyd. \u201cIf hackers or an unscrupulous individual get a password for one service, then they’re going to use it to try access others too.\u201d\n<\/p><\/blockquote>\n

7. Use restrictive browser and app settings<\/h3>\n

Sometimes malware or spyware takes advantage of common browser holes to work their way into your device. If using your device for sensitive business tasks, enable the highest security setting possible. It may limit your abilities, but will help protect you against malware that relies on lax browser settings.<\/p>\n

\n\u201cUse the most restrictive of your phone\u2019s settings for apps and Internet access,\u201d says Kevin D. Murray – CPP, CISM, Director of Murray Associates<\/span><\/a>. \u201cSome phones will even flag the activity and warn you if the program tries to do more than it has been given permission to do.\u201d\n<\/p><\/blockquote>\n

So, what do you think? Is there anything you would add to this list? If so, please share your thoughts in the comments.<\/p>\n","protected":false},"excerpt":{"rendered":"

Summary: Users have notoriously bad security habits. The problem is, many of these users are now bringing their personal devices–and their poor security habits–into the workplace. Learn how these users can better protect themselves (and your data) with these simple tips.<\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"default","ast-global-header-display":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","slim_seo":{"title":"7 more security tips for mobile users (Part II) - mrc's Cup of Joe Blog","description":"Summary: Users have notoriously bad security habits. The problem is, many of these users are now bringing their personal devices--and their poor security habits"},"footnotes":""},"categories":[8],"tags":[34],"class_list":["post-8300","post","type-post","status-publish","format-standard","hentry","category-education","tag-mobile"],"_links":{"self":[{"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/posts\/8300","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/comments?post=8300"}],"version-history":[{"count":5,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/posts\/8300\/revisions"}],"predecessor-version":[{"id":13986,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/posts\/8300\/revisions\/13986"}],"wp:attachment":[{"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/media?parent=8300"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/categories?post=8300"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.mrc-productivity.com\/blog\/wp-json\/wp\/v2\/tags?post=8300"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}