Although there aren’t any prevalent security attacks or threat mechanisms associated with smartphones in the market today, security vendors and analysts are urging mobile device users to use security best practices on them, just as they would with their computers.
With recent advancements around mobile devices and technologies, particularly smartphone devices, more and more people are staying connected both in the home and office environments.
Andrew Jaquith, a senior analyst at Forrester Research based in Cambridge, Mass., said the new breed of smartphones, such as Android and iPhone-based devices, are built on operating systems that are “fairly-well locked down.” However, although he said using these types of devices are “generally safer than PCs because malware can’t run on them,” there are still privacy and data risks to be aware of.
“You don’t want a navigation application sending your location to an outside service without your permission,” Jaquith said. “We’ll see privacy-related issues emerge with third-party applications, for sure, but the good news is the remedy for these kinds of problems is simple: the operators of the “app stores,” (Apple and Google) can find the offenders and yank the certificates used to sign the applications.”
Especially for those users who bring and work with their personal devices in and out of the workplace, the safety of the data on those devices becomes an issue.
James Quin, lead research analyst for risk management at London, Ont.-based Info-Tech Research Group, said more and more people are staying connected through devices such as smartphones.
“Smartphones allow us to be more connected with each other and users are sending information via e-mails and through attachments, all of which are susceptible to loss or theft,” Quin said. “At the end of the day, smartphones aren’t a prevalent security threat as long as users take steps to protect the data that’s on the device.”
One of the biggest security mistakes customers make with their mobile devices today is that they fail to use even the most basic security protection methods such as passwords, Quin explained.
“People aren’t using passwords because they think of their smartphone as a phone first but really, it’s a small, low-power computer that also has a phone in it,” he said. “Users must start thinking of smartphones in this way so they can adopt the appropriate policies and processes, just as they would when it comes to protecting computers.”
Channel partners, he said, have the opportunity to not only share this reality to their customers, but also to educate them on the possible risks with mobile devices so they can stay better protected.
With no password protection on mobile devices, in the event it’s ever lost or stolen, with no security policies or software on it to remotely wipe the data the owner of the device and their employer becomes vulnerable.
“Any sort of personal or confidential information residing on the smartphone can be used for financial gain,” Quin said. “There’s a market for identity information because this space always has a potential buyer.”
Catalin Cosoi, head of online threat labs at BitDefender, a security software vendor, said any sort of personal information is worth something to attackers.
“Everything you own is worth something because piece by piece, your identity can be constructed for financial gain,” he said.
When it comes to mobile banking services, Jaquith said most banks will provide services that require customers to log into their banking service every time, rather than caching the user’s credentials on the phone. But even still, there’s that risk that if a device were stolen, it may be possible to steal bank balances and/or conduct financial transactions. Jaquith said users should also protect their phones with a PIN for added security.
Security software vendor Symantec also shares some best practice advice around handheld devices which include: use strong passwords and PINs, make backups just as you would for a PC or Mac and schedule regular backups on phones, limit the amount of sensitive data that’s carried on handhelds and protect handheld devices with security software.
Follow Maxine Cheung on Twitter: @MaxineCheungCDN .