How insecure is your mobile device really?
They can definitely make it easy for sensitive data to get into the wrong hands, but you can do some simple things to reduce (not eliminate) the risks.
Computerworld - With all the reports of mobile malware, vulnerabilities and attacks, things must seem pretty confusing to the consumer. Is the sky really falling? Let's explore some of the practical aspects of mobile security a bit from the consumer's point of view.
First off, it's always important to put these reports into perspective. Over the past few months, we've heard of malware in Google's Android Market, weaknesses in Apple's iOS and all sorts of other badness. Many, though not all, of these reports were released by folks who want to sell you a security add-on or service. That's not to say the reports were false, but their severity should always be taken with a grain of salt.
Yes, there's been a bunch of malware found in the Android Market. Those apps were removed. And there have been published vulnerabilities affecting Android and iOS, but by and large, the respective vendors are patching those.
So, rather than focus on the bad, let's take a look at the sorts of actionable things a consumer can do to use these fabulous devices more securely. There isn't likely to be a shortage of new problem announcements anytime soon, after all.
Let's start by understanding the risks a bit, in practical consumer terms. Without a doubt, the biggest risk any mobile device consumer faces is loss or theft of the device itself. If someone has your mobile device, chances are there's a wealth of juicy information they can farm from it, from passwords to emails and other documents. Here's where you need some perspective: More than likely, if someone finds your device (say, at the coffee shop where you misplaced it), they're either going to turn it in to lost and found or just steal it for their own use. The percentage of folks who would actually try to farm your data from the device is likely quite low. You need to be aware that the threat is real, but also that it isn't the inevitable result of losing your device.
Your second-biggest risk might be having your network communications intercepted by someone on the public Wi-Fi you're using. It's a much lower risk than losing your device, but it's a very trivial attack for someone to pull off. An attacker can run a network sniffing tool and sit in your coffee shop, capturing all of your network data, with pretty much zero chance of being caught or even noticed. Tools for this are easily available.
Now, let's address these two most prominent risks.
To avoid exposing sensitive data on your device:
* Avoid storing anything truly sensitive on the device. Perhaps you have a credit card you regularly use for Internet transactions. You can go ahead and use that in your mobile apps without storing it in the apps. If your app has a choice to "remember" your data, opt out. Same goes for passwords and other credentials in general. There's a trade-off, of course -- using your gadget is going to be more of a hassle because you'll be entering passwords, credit card numbers and other information more often.
More by Kenneth van Wyk
- Kenneth van Wyk: Where mobile apps go wrong
- Kenneth van Wyk: Apple's big fail
- Kenneth van Wyk: After Snowden
- Kenneth van Wyk: Target breach underscores how backward U.S. payment tech is
- Kenneth van Wyk: Enjoy your trip, but protect the data you take with you
- Kenneth van Wyk: Lingering faults with security by default
- Kenneth van Wyk: High hopes for iPhone's Touch ID
- Kenneth van Wyk: Why mobile apps beat Web apps for privacy
- Bug bounties: Bad dog! Have a treat!
- How to avoid Big Brother's gaze
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts