Top Tips To Tackle Mixing Work and Pleasure (on your phone)
Are you using your work phone to access personal email? Are you accessing work email from your personal mobile phone?
How many of you are using your personal phone to access work email and information? I know I am, and I’m doing it mostly for the convenience of having my email handy when I am away from my computer.
As you may be aware, BYOD – ‘Bring Your Own Device’ – is a growing trend with more people, especially young professionals, using their personal device for work. It’s hugely convenient, but it also means that employees pose a big security risk as unsecured smartphones and tablets can be used by hackers to access a company’s information – largely through the applications downloaded onto the device. IBM very recently banned Apple’s Siri due to potential security risks. But it’s not just company data that’s at risk – it’s personal information such as address books, banking information and details stored in text messages as well.
This isn’t meant to be a scare tactic, but with industry estimates suggesting the average smartphone user spends more time in mobile apps than they do browsing the web, it’s important that professionals are downloading and storing apps in the safest way possible to keep their data safe.
Veracode – a global application security company – has created a free eBook that outlines simple changes to enhance security on mobile devices. Readers can download it here – http://info.veracode.com/mobile-security-ebook-download.html. Alternatively, a summary of the ten tips in the book is below and can be offered as a guide to readers.
- Use Password Protected Access Controls
Phones that aren’t locked lay bare a treasure trove of personal information – email, contacts, addresses and access to social networks and apps that may contain financial data. If you are already using an access PIN, hopefully you have picked one that’s easy to remember but hard for others to guess – so not your street address or child’s name. The strongest passwords are a combination of numbers and letters, and the longer the better. PINs aren’t the only locking mechanisms in use. Grid-based pattern locks work fine, but they leave smudge marks on the touchscreen that may be easier to guess than passwords.
- Control Wireless Network & Service Connectivity
Your smartphone’s default settings may be connecting to nearby Wi-Fi networks automatically, especially if you’ve asked it to download new email as it arrives. Some of these networks, like in airports or coffee shops, may be completely open and insecure. Hackers have demonstrated the ability to sit in a public place and “sniff” out information transmitted by connected mobile devices nearby. It’s safest to set your phone to automatically connect only to trusted networks, and to ask you before connecting to any other network it finds. The general rule is to limit your phone’s automatic connection capabilities to just the networks that you know, trust and use most often – like your office, home and gym.
- Control Application Access & Permissions
Most of today’s apps require a network connection to operate. They may store data in the cloud, constantly track your location, or push updates to your smartphone. Get to know the permission settings of each app or service and what data or systems they access. You may be permitting services to access your phone without prior approval.
- Keep Your OS & Firmware Current
It’s definitely important that you routinely accept the major updates from Apple, Google, or whoever the manufacturer is. Criminals are innovating their attacks at an alarming rate, with growing sophistication. Connect often and download security patches and other minor updates that are released expressly to block the latest hacker scheme or exploit. Most of these updates will be free of charge.
- Back Up Your Data
Start to think of your phone like you do your PC or laptop. Maybe you back up your computer data locally, or use a company approved cloud-based backup service? Take the time to sync all of your apps and data – not just your email and calendar – just in case your phone becomes lost, stolen or corrupted.
- Wipe Data Automatically if Lost or Stolen
It’s a good idea to enrol your smartphone in a “find my phone” service that will help you locate your device should it be lost or stolen. These services typically have the ability to wipe your phone, which means remotely erasing all data and completely disabling the device should it fall into the wrong hands. If you are using a company smartphone, your IT group probably offers these services.
- Never Store Personal Financial Data on Your Device
As a behaviour that all mobile users should adopt, this one is pretty straightforward. Never store personally identifiable information such as national insurance numbers, credit card numbers, or bank account details on your smartphone, especially in text messages. The best rule of thumb is to access sensitive and confidential data directly on the server, and only ever from an approved and authorized mobile device.
- Beware of Free Apps
There are lots of great free apps available; many are well reviewed and are being enjoyed securely by millions of mobile users right now. The problem is, more and more free and innocent apps are trying to make money from their offerings, so sometimes they track your personal information with limited disclosure or authorization, then sell your profile to advertising companies. The app developers in question may not even be aware of their privacy violations – leaking your location, gender, age and other personal data to embedded mobile ad networks while in the pursuit of revenue. Caution is key.
- Try Mobile Antivirus Software or Scanning Tools
Well-known PC antivirus vendors are now offering similar services to mobile users that scan and protect your smartphone just as they did your desktop. They can point out problems in your settings and instruct you how to correct them. Some even offer additional mobile security services such as download protection, SMS/call-screening services, parental controls, and anti-phishing features.
- Use MDM Software, if recommended by IT
Enrol your mobile device in a managed environment, if your organisation offers one. This will only help you as an authorised user to configure and maintain the right mobile security and privacy settings. These services control and protect sensitive and confidential business data by distributing mobile application or configuration settings to company-owned equipment as well as employee-owned.
“Why Should I Care? Mobile Security for the Rest of Us,” was written and published by Veracode, the world’s leading provider of cloud-based application security testing services. The eBook outlines the ten steps that can be taken by individuals and organizations to protect against potential security risks brought on by the bring your own device (BYOD) to work trend.