Am I doing enough to Secure my Smartphone?
Today smartphone users all agree that smartphones are integral to both work and personal life, and the need to secure smartphones is obvious.
Like most other smartphone users, I am never without my smartphone. It rarely leaves my hand on my daily subway commute as I catch up with friends and family, and plan my day reviewing work email and priorities. It ‘runs’ with me on my workouts, ‘works’ with me via email and note taking, and ’sleeps’ on my bedside table. Should I fail to properly secure my smartphone, the loss or theft of the personal information would be regrettable, but the theft of corporate information could be detrimental to business. Mobile devices are always ‘online,’ and security is a concern as smartphones and the communications they are used for are vulnerable to interception and exposure.
While all agree on the importance of securing smartphones, where opinions differ is in ‘how to secure smartphones.’ Security experts and non-security experts differ on the critical security policies required to ensure a secure smartphone.
Researchers at Google recently published a study comparing the online security practices of security experts versus non-experts. Experts and non-experts agree on the importance of passwords, while they diverge over how to best utilize software and security practices to secure smartphones and other devices.
Source: Google Online Security Blog
Security Practice #1: Install Software Updates
When asked to list the top three online safety practices, software updates was the most common response from security experts; while only 2% of non-experts agree with them and enable software updates to secure their smartphones. Concurrent with Google’s report, Android users have displayed resistance to software updates, where only 12.8% of users installed the Lollipop update and 39.2% the KitKat update.
Most recently, the Android Stagefright vulnerability affecting up to 95% of Android devices highlights the importance of software updates in securing smartphones. Google was quick to address the vulnerability, “We’ve already responded quickly to this issue by sending the fix for all Android devices to our partners.” For Android users with software updates enabled, they will receive the update ensuring smartphone security and mitigating risk, whereas Android users who have not enabled software updates will not. (Learn other ways to protect yourself from the Stagefright vulnerability).
Security Practice #2: Unique Passwords
All agree on the importance of passwords, although experts and non-experts disagree on the strength versus uniqueness of passwords. Almost two-thirds of security experts recommend the use of a password manager enabling unique passwords, but many agree they are not yet user friendly enough for wide adoption. Security experts are aware that ease of use is vital in securing environments. For securing smartphones, we recommend enforcing passcodes or biometric (fingerprint) login, imposing unique passwords.
Addressing Security of Communications
While these recommendations provide security for smartphones and the data stored on these devices, it does nothing to ensure security of the communications including phone calls and text messages between smartphones. Communication over mobile devices is an everyday part of today’s working environment, and can be easily intercepted.
In order to secure phone calls and messaging on your smartphone, simple, easy to use encryption of phone calls and messaging is critical.
I take steps to secure my smartphone, including activating a passcode to access the device, storing my work email and resources within a separate, secure container, and encrypting my communications including phone calls and messaging.
How is your organization addressing mobile security? What opportunities do you see for improvement within your organizational or personal mobile security?
For more information on securing your smartphone communications including phone calls and messaging, contact KoolSpan.