The Good (and Bad) News About Mobile Security
This post was authored by Ariel Gilbert-Knight, Technology Analyst for TechSoup, and originally appeared on The TechSoup Blog.
There's good news and bad news about mobile security. First, the bad news: mobile security is a rapidly growing problem. The good news is that there are some basic steps you can take to protect the mobile devices you use in your nonprofit or library.
We've spent a lot of time talking about apps through our App It Up project, and we encourage you to explore how apps might help your organization. But we also want nonprofits and libraries to explore apps safely and securely.
A Growing Problem
As more people use mobile devices to store and access sensitive and personal information, mobile devices have become a more appealing target for cybercriminals. Device loss, data theft, and mobile malware are just a few of the things you need to worry about.
While Android devices have been the most popular targets for mobile malware, all smartphones and tablets – including Android, Apple, Windows, and Blackberry devices – are at risk for theft and data loss.
What Is Mobile Malware?
Malware is a combination of the words "malicious" and "software." It is a catchall term for threats like viruses, worms, spyware, and adware. In many ways, a "smart" mobile device is basically a small handheld computer, so mobile devices are vulnerable to malware, just like computers are.
Mobile malware can steal personal information, banking and credit card details, and intellectual property. Malicious software can even steal money directly, for example by making your mobile device send text messages to charge-per-text numbers.
Where Does Mobile Malware Come From?
Mobile malware comes from many of the same sources as PC malware: links in email, instant messages, or websites, and from downloading infected files.
Mobile apps are an increasingly common way to install malware on mobile devices. Malware apps masquerade as a legitimate app (sometimes even as a copy of a popular app). Once downloaded, these malicious apps can gain access to a mobile device's core features and the data stored on the device.
Protecting Your Mobile Device
There are some common-sense steps you can take to secure your mobile device. Many of these are the same steps you take to keep your PC safe and secure:
- Have a strong password: If your device is lost or stolen, a password is your first line of defense. Some devices also have a setting that allows you to automatically wipe all data from the device after too many incorrect password attempts.
- Be careful what you download and what you click: Only download content and apps from trusted sources, and don't click unknown links. Do some research before downloading apps – check out the app publisher and read user reviews.
- Keep your software updated: Updated versions of your device's operating system can close security holes.
- Pay attention to strange behavior: Unexpected incoming text messages or charges on your mobile bill, slow performance, or decreased battery life may be signs your device has been compromised.
- Use security software such as mobile antivirus/anti-malware, firewall, backup, and encryption software. Lookout Mobile Security (Android and iOS), Norton Smartphone Security for Windows (available through TechSoup), and Norton Mobile Internet Security for Android can provide an extra layer of security for your device. Hotspot Shield for iOS allows you to create a mobile virtual private network (VPN) for secure encrypted browsing, even over unsecured public wireless connections.
- Remote wipe allows you to delete the device's data remotely after it is lost or stolen. Blackberry and Windows phones have remote wipe capabilities. Lookout Mobile Security and other software tools can add this capability to some other devices.
- Create a mobile device policy for your organization outlining acceptable mobile use, security requirements, and what to do if a device is lost or stolen.
- Be careful what your store: The easiest way to prevent someone from stealing confidential or personal information from your mobile device is not to have that data on your device in the first place.
- Check out TechSoup's Security Forum and Security Corner
- Juniper Networks' mobile malware infographic, PCWorld's mobile malware article, and Lookout's Mobile Threat Report provide more information on the mobile threat landscape
- ReadWriteWeb provides tips for keeping smartphones safe
- Read up on Android mobile security apps