Are you using your own Apple or Android smartphone or tablet for work? Industry researchers at IDG estimate that 84% of companies already allow this in one form or another.
The benefits of this trend, called bring your own device or BYOD, include anytime/anywhere access, higher productivity for mobile workers and more job satisfaction because people get to use the personal technology they know and prefer. Yet few understand the security risks mobile devices present to employers and their own identity.
Research shows that only one in three Americans realize they can get malware—malicious software designed to steal login credentials or other personal information—on their mobile phones. Yet hackers are increasingly focused on mobile malware, which skyrocketed in the first half of 2012 with more than 10,500 new strains of mobile detected compared to less than 1,000 in all of 2011, according to antivirus maker McAfee.
Here are seven security tips every mobile worker should know.
1. Password protect your phone, and consider getting a remote phone tracking and data wiping service. Lost mobile phones, laptops and USB flash drives can lead to your online identity being compromised and are a frequent cause of data breaches.
2. Don’t click on suspicious links. Mobile devices, like PCs or Macs, can be infected with malware. Hackers rely on “phishing” e-mails to infect mobile phones with malware.
3. Only install apps from reputable sites and developers. If a mobile app sounds too good to be true, it might be because it’s carrying a malware “payload.” While Apple checks apps it makes available online, Google does not do this for Android devices. Consider antivirus software, especially for Android devices, to help protect you from malware.
4. Keep your phone updated with the latest firmware, as device makers are constantly improving the security of their operating systems (OS) and correcting possible vulnerabilities.
5. Do not “jailbreak” your Apple device or “root” your Android phone, actions that remove limitations on the OS. Doing so will open up the door to malware and should be avoided.
6. Where possible, use mobile devices to help verify your identity online or at work. For example, online service providers from banks to email providers are starting to use text messaging to send one-time passwords (OTPs) to help verify your identity when you access an online account, confirm transactions or make changes to your profile. Another option is a Mobile OTP app you can use to generate passwords right in your phone. OTP presents a significantly greater challenge to a hacker, because they must not only steal your password, they must try to compromise your mobile phone too.
7. Recommend that your employer capitalize on the BYOD trend and use mobile devices to enhance their IT security. They could use an OTP app, or even use security options inside phone SIM cards to store a verified identity credential that can digitally sign and prove your identity online. The United States Department of Defense is working on this approach using the federal government’s smart card-based Personal Identity Verification (PIV) ID credentials. Eventually this same capability could be made available in driver’s licenses or other government issued IDs.
Enjoy using your mobile device online but remember you have a responsibility for knowing how to stay safe when you do, like with your PC. Just being aware that there are security risks will help, but security is less mature on mobile phones than on PCs, so you have to be even more vigilant. And look for ways to add mobile security features to your phone for use at work or from your bank, ecommerce and other online service providers. A good place to start is in the security section of their website help pages.