View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
February 12, 2014updated 22 Sep 2016 11:05am

How to protect your smartphone and tablet

With Safer Internet Day taking place this week, CBR has teamed up with Lee Weiner, SVP of products and engineering at security management firm Rapid7, to bring you a series of useful guides that will help you stay safe online. Here, Lee looks at protecting mobile devices.

By Duncan Macrae

Mobility is a huge opportunity for companies, but with more and more users looking to connect their personal devices to the corporate network, it brings with it some significant security concerns. But ignoring BYOD won’t make it go away. Why? Well, IDC estimates that last year over one billion smartphones were shipping. One billion!

So the chances are that even if you don’t have an official BYOD policy someone, somewhere in your organisation is using a personal mobile device to connect to the network. It is critical that users understand the risks associated with their devices and appreciate that even though a device is personally owned, if it’s accessing the corporate network, it represents a risk for the organisation and needs to be protected.

People using their own personal device blurs the line somewhat and they may not really understand the risks associated with this. Instead securing devices may seem like a time-consuming drag. So, below we’ve focused on three key areas of mobile risks and provided some helpful tips to help users navigate them easily.
 
What is BYOD (Bring Your Own Device)?
These days the majority of people in the workplace own either a smartphone or a tablet device or both. Frequently these mobile devices are used for all aspects of your personal AND professional life, for example if you have your company email on your mobile phone, or take notes during meetings on your tablet. This is BYOD: mobile devices that you bought for your own use, through which you also access work-related data. 
 
It’s easy to take this for granted and not consider the confidential nature of the information you’re accessing on these devices, but even seemingly insignificant information may provide an attacker with an opportunity. Given that so much company information is either stored or accessible through our mobile devices, it is very important to keep these devices secure. The good news is that it’s really not that hard to do. Here are a few simple steps that will help you protect your personal and company-confidential information from being accessed and exploited by strangers. 
 
On the next page we take a look at some of the most common threats and how you can protect yourselves against them.

Threat #1 – Lost or Stolen Mobile Devices

More than one in three mobile devices are either stolen or lost by their original owner. Not only does the smartphone have resell value, but the value of the data accessible from the device can sometimes exceed the resell value of the device. Just think how valuable your banking information and account passwords stored on the device can be to a thief!
 
How Can You Protect Yourself?

First, make sure to password lock your device.  Unfortunately, less than 40% of users enable the passwords on their mobile devices, with the majority claiming it is too much hassle. But in reality it’s very quick and simple to do – and has the added benefit of keeping untrustworthy people out of your device. To enable a password, go to the Settings in your phone. If you can’t easily figure out how to do it, your IT team will probably be happy to help.
 
Secondly, enable the "Find Your Device" feature available on most of the major operating systems, like Apple’s Find My iPhone.  If your device is ever misplaced, you can sign into Apple’s iCloud and see exactly where your device is.  You can also wipe the device remotely if it’s in a location that you don’t recognise or trust, so your confidential information is not compromised.
 
Threat #2 – Untrustworthy Apps

Apps are where it’s at, whether your playing scrabble with your friend or browsing for a new home on Rightmove. Criminals targeting your phone know that people love apps. So it is perhaps no surprise that 97% of malware (malicious software) on Android smartphones is from apps that were downloaded from untrusted app stores.  These apps can look perfectly legitimate, but are usually loaded with malicious functions and once downloaded, expose the device owner to severe risk, sometimes even leading to the complete loss of control of the device to the attacker.
 
How Can You Protect Yourself?

Content from our partners
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape
Green for go: Transforming trade in the UK

Only download apps from trusted marketplaces, like Apple’s iTunes and Android’s Google Play stores. The qualification and filtration processes for apps to be included on these officially sanctioned marketplaces will significantly minimise any chance of your device being infected by malware. There are more than two million apps available between Apple’s, Google’s and Microsoft’s app stores, so you’ll never have to worry about finding the ones that suit your needs!
 
Threat #3 – Unpatched Mobile Devices

No software is perfect, and the stuff on your phone is no exception. The problem is that the flaws can often create opportunities for attackers to exploit and take over your device. This is why the software makers often release multiple versions in quick succession (as with the recent iOS 7, iOS 7.01 and iOS 7.02 releases). This is called "patching" and the responsibility for doing it on your mobile devices lies primarily with you to ensure that there are no high severity vulnerabilities lurking on your phone waiting to be exploited.
 
How Can You Protect Yourself?

It is crucial that you update the software on your phone whenever new versions are released. You can check by going to the Settings menu for your device, and looking up if there are any System Updates available.  This simple step is by far the best way to eliminate mobile device risk, but so few people actually complete updates in a timely manner.  Once the update is completed, you can be sure that hackers cannot exploit older vulnerabilities on your device to gain access to your confidential information.

All of the above recommendations are quick and easy to implement. By doing them, you can rest assured that you’ve minimised the risk of someone exploiting your mobile phone in order to access your private data.

 

 

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.
THANK YOU