Mitigate Smartphone Risk

According to the FCC, there is not yet a comprehensive set of statistics and database around smartphone loss or theft.  However, even lacking complete or comprehensive data, the available statistics are alarming:

  • 34% of smartphone users fail to activate any security mechanism
  • In New York city, 55% of grand larcenies from a person involved a smartphone
  • In San Francisco, 59% of thefts involve a smartphone
  • In London, 49% of thefts involve a smartphone

Theft alone is not the only concern we face.  According to Lookout Mobile Security, malware grew substantially in the United States during 2014 by 75% over the previous year which was attributed to ransomware type threats which seek payment for return of devices or data.

Losing a smartphone is very much like having a wallet lost or stolen except that smartphone risk is much greater.  A wallet contains a finite range of valuables such as cash, credit card, ID, etc.  These types of valuables are shared with a smartphone, although a smartphone also can provide access to corporate networks as well as either personal or business related cloud data. Given the high stakes, it behooves any individual or business to implement steps which help to mitigate smartphone risk.

The following 10-steps to mitigate smartphone risk are steps business owners and individuals should take to help mitigate smartphone risk:

  1. Be aware of surroundings and protect your smartphone like your wallet or purse.
  2. Use a password, swipe pattern, or fingerprint to protect access to the device.
  3. Backup any data on the device to a secure location.  Once the device is lost, any data that was on it is lost forever unless backed up to another location.
  4. Install software to protect against viruses and other malware.
  5. Take a critical view of all apps installed on the device and install only from reputable sources.  Even when using reputable sources, fake applications can and do find their way into the market and can cause harm.
  6. Read and consider the access the application is requesting before completing the installation.  Does the app really need access to email, contacts, location and other data?  If the application seems to request too much access and information, then determine if you really want or need that application in the first place or if safer alternatives are available.
  7. Install software which allows  the device to be located if lost or stolen, and which also allows you to remotely wipe the data on the device.
  8. Invest in a privacy filter to prevent shoulder surfing.
  9. Do not respond to unknown SMS messages as they are often a vector to install malware or steal data.
  10. If disaster does happen and your smartphone is lost or stolen, ACT.  Try to track the device, then implement a remote wipe, and finally report it to your cellular carrier and law enforcement authorities.

For businesses, it is also important to encourage employees to quickly report a lost smartphone.  Quick response is essential and often employees will hesitate to report the loss for fear of reprisal.  Shortening the gap between detection and response could mean the difference in preventing loss data or harm to the organization.

As increasing numbers of devices connect to the Internet, we will likely see more and not less risk of being connected. Smartphones have simply been the leading edge of the Internet of Things.  Yet, as with many areas of security, awareness and common sense can go a long way to help us to mitigate smartphone risk.

– Ted Lloyd, CISM

Comments are closed.