Stay secure, my smartphone4 min read . Updated: 13 Sep 2011, 10:11 PM IST
Stay secure, my smartphone
Stay secure, my smartphone
Our phones are no longer just phones. They are minicomputers that contain information on where we have been and whom we have talked to—it has our emails, contacts, corporate secrets and photos. A proliferation of BlackBerry, iPhone and Android devices means that more and more people are carrying connected devices that handle a lot of sensitive data. The popularity of smartphones and cloud services has also meant that a lot of malicious programs are turning up on mobile phones, making data security a serious issue.
According to the Underground Economies: Intellectual Capital and Sensitive Corporate Data Now the Latest Cybercrime Currency survey, shared by security software maker McAfee Inc., securing mobile devices continues to pose a challenge to businesses, with 62% of the 1,000 respondents identifying it as a challenge. The nature of the attacks keeps changing, and there is a proliferation of services such as removable data (USB flash drives, memory cards in mobiles and portable hard drives) and social networking sites, which allow easy sharing of potentially confidential material.
Delhi-based cyber security consultant and deputy editor of InfoSecurity magazine, Dominic K., says, “There is no such thing as 100% security any more, but this is still most widespread on Java and Symbian devices because there is a wide variety of ways to put malicious software on to the phones, while something like the iPhone, for example, is a lot safer, unless it’s jail-broken."
He adds: “For the average phone, there should be no problems. Smartphone users should avoid surfing unknown Internet pages, open only those attachments on the phone that they are sure of and make sure to use a mobile antivirus product and ensure it’s updated daily with the latest signatures. Also, do not connect to an unknown wireless network without proper verification."
There are a lot of antivirus options available, but users should make sure the software checks not just for viruses but also spyware, and provides a data-locking function.
Be aware of social engineering
Security experts agree that the most prevalent way of breaking into a phone is still through “social engineering". The target is either called by someone who pretends to be from the phone company and simply asks for the password or—and this is harder to protect yourself against—gathers information such as the date of birth and common security questions like your mother’s maiden name. Then the hacker will call up the phone company pretending to be the target.
People who keep their work or sensitive data—which will make them a target instead of a random victim—on their phones are at greater risk. If you fall into this category, remember to keep backups, and change your password frequently. Many people do not even change their password from the default set by the phone company—a default known to hackers. Unless you change that password, it’s as good as not having one at all.
Track missing devices
For iPhone or iPad users, a must-have software is Find my iPhone/iPad This works for the latest iPod touch as well, and if you’ve lost your device or if someone has stolen it, this software uses location-based services to track your device and can also be used to display a message on the home screen and lock functionality—so if anyone finds your lost phone, you can send them messages using the Internet.
Android users can try Lookout. It’s a free app, which uses GPS technology to track your phone. Login to the website and you can get live information about your phone. The software also works through all the permissions on your phone so you can see which app has access to which resources easily.
Apart from accidental loss or physical theft of the device, people need to be able to counter malicious software and data theft because we use our smartphones and tablets for both personal use and work, and need to keep our data secure.
McAfee has launched a security product for mobiles—a one-year subscription costs $19.99 (around ₹ 950), and there is a seven-day free trial option. The package includes WaveSecure, VirusScan Mobile and SiteAdvisor—you can also get SiteAdvisor as a stand-alone software for free use. Together, the package offers protection against data loss and breach of privacy in the event of loss or theft, along with protection against viruses and spyware and from phishing sites.
To protect sensitive data, the service backs it up online. And in case the device is lost, it can be locked remotely or even completely wiped clean, without losing the data. Users can also trigger a loud alarm remotely, and malicious websites and viruses are automatically blocked. The software is available on both Android and iOS devices.
It’s not enough to take steps to protect your data, you need to protect access as well, by regularly changing your password, and not using the same password across a number of sites, especially while surfing these on your phone. Your email provider might be storing your password in a highly secure fashion, but is every blog you ever registered to comment on maintaining the same level of security? If you have the same password on both, then you’re practically inviting people into your account. Remembering all those passwords is a problem, though, particularly if they’re all strong passwords using special characters and numbers.
A good password manager such as 1Password ($9.99 for iPhone), is essential. 1Password syncs with your desktop so that you don’t need to buy two password managers, and not only can you organize and sync passwords, but also software licences and files—great for storing things like scanned copies of important documents when travelling. For $14.95, you can also buy the iPad-ready Pro version, which has added features such as secure notes that can’t be read without a password, and can also be used to backup and restore data. 1Password supports customization of login icons and thumbnails, integration with Evernote and Safari, and a tag-based system for easy login organization.