In today’s world, most things are documented, stored and communicated through our digital devices, be it a smartphone, tablet or other electronic device. Keeping these safe involves more than preventing intrusion by malicious software; it also means physically protecting the devices, as you would other important things in your life.
It’s time to step up your preventive measures. Goh Su Gim, a Security Advisor from F-Secure in the Asia Pacific region, based in Kuala Lumpur, Malaysia, presents 10 steps on how to go about it:
1) Stay alert
Theft and loss of smartphones today are at an all-time high. In the USA, 100 smartphones are lost or stolen every minute. Here in Malaysia, we hear many horror stories of smartphones being stolen – such as thieves snatching the phone out of the victim’s hand while the victim is still talking on it! Today, the chances of your smartphone being stolen or misplaced are higher than the chances of actually getting malicious software on it. So stay alert and aware of your surroundings while you’re using your device.
2) Lock your phone
Secure your smartphone by locking it with a password, to restrict easy access to the keypad and stored contents. This will not only slow down thieves, but also prevent intruders from quietly installing spyware on the device while you are away. Refrain from using a ‘swipe’-type password, as tests by ‘white hat’ security researchers show it is easier to guess a ‘swipe’ password than a 6-digit alphanumeric password.
3) A picture says a thousand words
Smartphones with high-quality built-in cameras and a data connection to social media services and photo sharing applications (such as Instagram and Flickr) have made digital photo and video capture on these devices more popular than ever. It also means that users inevitably store the captured photos and videos on their devices. Photos today can include not just the image itself, but also useful metadata such as the time/date stamp, the hardware used and, most importantly, the GPS coordinates. These are details that can be used to track the user’s movements. Taking care and refraining from sharing too much info is your best bet.
4) Download apps only from the Play Store
By default, Android devices block installation of apps from any source other than the regulated Play Store. You can check if your device only allows Play Store apps by looking under Settings > Applications > Unknown sources. If the checkbox is checked, non-Play Store apps can be installed. Uncheck this.
5) There is no free lunch!
This maxim is especially true when you’re talking about apps. Malware creators can easily repackage popular games such as Candy Crush and Angry Birds to include malware, and then put these trojanized packages in third-party app stores or file-sharing services for other unsuspecting users to download. This is currently the preferred way for cyber-criminals to target smartphones in order to collect personal details they can sell in the underground data-mining black market. It is a flourishing industry for mobile malware writers, as the number of smartphone users continues to grow. F-Secure Labs detected 149 new mobile malware families in just the first 3 months of 2013.
6) Beware phishy links
Exploiting quirks in human behavior (also known as ‘social engineering’) is a popular way to trick users into doing something detrimental. Reading e-mails is the top ‘To Do’ item on a smartphone and an old trick that works on PCs – seeding e-mails with links to malicious sites – works just fine on smartphones too. So if the e-mail sounds too good to be true, it probably is.
7) Size does matter
The relatively small screens on mobile devices aren’t ideal for spotting suspicious details in an e-mail or webpage, especially when you’re using the device in a busy, distracting environment (for example, when you’re waiting for a train and constantly looking away from the screen). This makes it easy for cyber-criminals to get away with minor trickery – such as a website named Amaz0n.com instead of Amazon.com – that would be easily spotted on a full-sized LCD screen.
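The Amaz0n.com trick is easy for software to catch even when the eye misses it. The following added example (not from the original article) maps look-alike characters back to the letters they imitate and compares the result with a list of genuine names; it goes slightly beyond the article by also flagging names one typo away. The brand list, substitution table and function names are assumptions made for illustration.

```python
# Constructed list of genuine names to protect; a real deployment loads its own.
KNOWN_BRANDS = {"amazon.com", "paypal.com", "google.com"}

# Character swaps that are hard to notice on a small screen (illustrative, not exhaustive).
LOOKALIKES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})

def skeleton(domain: str) -> str:
    """Fold look-alike characters and letter pairs into the letters they imitate."""
    return domain.translate(LOOKALIKES).replace("rn", "m").replace("vv", "w")

def one_edit_apart(a: str, b: str) -> bool:
    """True if a and b differ by exactly one insert, delete or substitution."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Skip the differing character: in both strings if equal length, else only in b.
    return a[i + (len(a) == len(b)):] == b[i + 1:]

def check_domain(host: str):
    """Return the brand that `host` imitates, or None if it looks unrelated or genuine."""
    labels = host.strip().lower().rstrip(".").split(".")
    # Assumption: the last two labels are the registrable domain (not true for e.g. co.uk).
    domain = ".".join(labels[-2:])
    if domain in KNOWN_BRANDS:
        return None                      # the genuine site
    sk = skeleton(domain)
    for brand in sorted(KNOWN_BRANDS):
        brand_sk = skeleton(brand)
        if sk == brand_sk or one_edit_apart(sk, brand_sk):
            return brand
    return None

if __name__ == "__main__":
    for host in ("Amaz0n.com", "Amazon.com", "paypa1.com", "example.org"):
        print(host, "->", check_domain(host))
```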
8) Do NOT jailbreak or root your smartphone!
Jailbreaking, or rooting, is a technical term for removing restrictions set on the operating system (OS) of your device. This is usually done to gain full control of the OS or to download apps from third-party hosts. Unfortunately, it also makes your device more susceptible to malware and intrusion.
9) Mobile security software: scan your apps!
Use mobile security software to protect your smartphone. If you accidentally download a tainted app from an unknown source, or click a phishing link, mobile security apps will protect your device from infection. Many also include features to lock your device, encrypt data on it, locate it via GPS if you’ve misplaced it and remotely wipe data from the device if you’ve irretrievably lost it.
10) Backup, backup, backup
Much like buying health insurance, everyone hopes they’ll never need to recover their data from a backup. In a worst-case scenario, however, if your device is stolen or misplaced, having a backup in place will ensure all your irreplaceable data (your contacts, e-mails, photos and so on) is not lost forever. Cloud backup services like F-Secure’s Content Cloud enable seamless backup of your smartphone’s contents through an Internet connection. You can quickly restore all your saved details from the cloud onto your replacement phone, minimizing the impact of losing your device.
Mr. Goh Su Gim is a Security Advisor who represents F-Secure in the Asia Pacific region, where he is actively involved in activities that raise public awareness of the IT threat landscape. He can be found giving talks at conferences, and acting as a liaison between the public and the local F-Secure office in Kuala Lumpur. He stays on top of the latest IT security-related news, and blogs about the latest threats and attacks or interesting findings from the F-Secure Labs.