Security firms have long predicted that cybercriminals would focus
efforts on smartphones and tablets. Well, this year that prediction
might finally come true for mobile users.
The increasing importance of smartphones and tablets in the lives
of consumers and workers has made the devices more attractive to
attackers. In 2010, for example, more mobile devices--such as
smartphones and tablets--were sold than PCs and laptops, according
to Forrester Research.
Though the same general advice applies to securing a laptop
as to a desktop, the ultra-mobility of smartphones and
tablets has led to different threats and different recommendations
for securing these smaller devices.
"The only way to truly, fully secure a smartphone is to protect the
device, protect the data, and protect the apps on the device," says
John Dasher, senior director of mobile security at security firm
McAfee. "If you don't do all three, inherently, the device is not
secure."
In a report on the malicious-software landscape for the second
quarter of 2011, McAfee noted a continued increase in the amount of
malware encountered by mobile users, with the Android platform
becoming the most targeted for the first time.
With malware on the rise, and lost phones with sensitive data still
the No. 1 issue, security experts offer five essential steps to
protect popular mobile devices.
1. Lock the device. Lost and stolen devices
continue to be the most serious threat for businesses and
consumers.
On average, North American and European companies lose 11
smartphones every year, according to Forrester Research. Consumers
and companies worried about the sensitive data on the phone should
make an easy-to-type password their first line of defense, says
Andrew Jaquith, the former Forrester analyst who authored the
report and is now chief technology officer for Perimeter
E-Security.
However, the password needs to be long enough so "you can pair it
with an auto-destruct policy--fail eight times to enter the right
password and it deletes the data on the phone--to be sure your data
will be safe," says Jaquith.
If the phone can be remotely wiped using mobile-device management
software or a similar service, then the auto-destruct policy can be
more lenient, he says.
2. Avoid questionable apps. Almost every piece of
malicious software that has infected a phone has been a Trojan
horse. DroidDream, the most successful malicious app, infected a
quarter million Android phones in March by posing as real
applications.
Users should download apps only from trusted app stores and stick
with the more popular apps, says Michael Sutton, vice president of
research for cloud security firm Zscaler.
"Encourage people to install their apps through vetted platforms,"
he says. "Some are better vetted, such as Google's Android
Marketplace and Amazon's and Verizon's app stores."
Although Google's store did offer DroidDream for a time, the
software giant can automatically uninstall bad programs and clean
up a user's phone.
Android users also can benefit from the wisdom of the crowds by
downloading only apps that have a significant number of reviews and
comments, says Neil Daswani, chief technology officer of Web
anti-malware firm Dasient.
"Trojans don't get to the point where they rack up millions of
users, so look at the comments left by the other users," he
says.
3. Accept the patches. Similar to PCs, mobile
phones need to be patched often to eliminate vulnerabilities found
since the phone's release. The good news is that unlike security
vulnerabilities in Android, which can take time to make their way
to the phone, updates are done over the air. Users should always
accept the updates, says Kevin Mahaffey, chief technology officer
for mobile security firm Lookout.
"When you are prompted on Android, update," he says. "For iPhone
users, it's a bit more complex. You need to plug in and update your
apps."
Until Apple's iOS 5 arrives for iPhones, Apple users should sync
their devices regularly to get updates.
4. Back up your data. Mobile devices are easy to
back up, a characteristic users should make the most of.
Users who back up regularly are less likely to lose data even if
their company has a strict auto-destruct policy for lost or stolen
phones, says Zscaler's Sutton.
"Now that there is over-the-air syncing and updates, it's really
easy to restore your phone," he says. "If your phone gets taken or
the data deleted, it takes 30 minutes and your phone is back to
normal."
5. Stay safely behind bars. Finally, though some
compelling reasons exist for consumers to jailbreak their phones,
security experts advise users to just say no.
So much of a phone's security is tied to code signing and software
sandboxing that jailbreaking a phone--removing the digital-rights
management that locks it to a certain carrier--means significantly
weakening the security of the device.
"When you look at what happens with the security of your phone,
there are some pretty significant consequences from jailbreaking,"
says William Enck, an assistant professor at North Carolina State
University who recently presented research into the Android
platform at the USENIX Security Conference.
One step that users may do without: Installing antivirus
software.
Many of the functions of antivirus software, such as blacklisting
bad applications and giving the thumbs up to good applications, are
baked into the app market models, Enck says. Until antivirus
companies offer more features than just blocking bad apps,
consumers can risk not buying the software, he says.
"I don't think it's necessary yet, but I hold the right to
change my mind," Enck says.
Source:
InformationUSA