Advice for BYOD users: don’t be naive about mobile security.


Trend Micro interviews at the Mobile Convention Amsterdam 2012 reveal a shocking lack of education with regard to the security risks posed by mobile devices. Here is what you should know.

We all love our smartphones and tablets. And we all love those little mobile apps that make our devices so unique, useful, and fun. But have you ever thought about how safe they are? Should you trust your smartphone to shop online? Is it safe to access your bank account from your tablet? Is it ok to check your corporate email from your mobile phone? Should you trust the device manufacturer? Should you trust the app developer? Do you need mobile security software, as you know you do for your PC?

Trend Micro interviews at the Mobile Convention in Amsterdam reveal a general lack of education with regard to the security risks posed by mobile devices. Some people believe a pin code is all they need — but then admit not using one. Others believe a regular backup is enough. Others trust the device itself. Most are quite candidly clueless.

So, what are the recommendations for mobile users, especially when they use their personal mobile devices for work? Here is a set of basic security rules that you may want to consider:

  • Make sure you have passwords for the device and passwords for the various applications such as email and online accounts. I know that typing passwords on a small keyboard, on a small device, on the go, is not that simple. But I would definitely recommend it as a first line of defense.
  • Pay attention to the operating system and to your applications and make sure they are always up to date. Keeping your device and your apps updated really solves most of the security flaws that vendors identify and fix on a regular basis.
  • Very important: pay attention to what applications you download and install on your mobile device. You may have an Apple iOS device such as an iPhone or an iPad. Or you may have a Google Android device such as a Galaxy Tab or similar. Although these devices are not exposed to the same threats, one simple concept applies to them all: pay attention to where you get your applications from. Not all websites and app stores have a good reputation. Pay attention to the name and reputation of the software developer. There have been situations where vendor names have been spoofed, so that end users are led to install malicious apps instead of the genuine one. Good mobile security software detects these rogue apps and alerts you to dangerous websites known for spreading malware.
  • Special note for Android users: pay attention to the permissions required by the application during the installation phase. If you are installing a video game and the app requires permission to access your phone book and to send text messages, that looks fishy. You may want to reconsider installing that app.
  • Special note for Apple iOS users: do not jailbreak your iPhone or iPad. A jailbroken device is not a secure device. While jailbreaking in itself doesn’t represent a security issue, it makes the whole system much more vulnerable to poorly written code or plain malicious apps. Think about it: if the device can be jailbroken, by definition it can be exploited; the jailbreaking procedure is itself an exploit.
  • Final recommendation: beware the dark side of BYOD – privacy, personal data loss and device seizure. Make sure you fully understand your company’s Acceptable Use Policy and the implications of using your personal device for work.
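The Android permissions rule above can be turned into a mechanical check. The script below is an added example and is not code from the original post: it reads the permissions an app declares in its AndroidManifest.xml and flags any sensitive permission that a given kind of app has no obvious business asking for, such as a puzzle game that wants to read contacts and send SMS. The sample manifest is constructed for illustration, and the "expected permissions per app category" table is an assumption of this example, not an Android or Google policy. Real APKs ship the manifest in a binary form, so on a real package you would first decode it with the Android SDK's aapt tool; the permission names themselves are genuine Android identifiers.

```python
"""Flag app permission requests that look out of place for the app's purpose.

Added example for the Android permissions advice; not from the original post.
The manifest below is constructed, and the per-category expectation table is
an assumption made for this example.
"""
import xml.etree.ElementTree as ET
from typing import List, Tuple

# Namespace used for attributes in every Android manifest.
ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permissions that expose personal data or can cost the user money.
# The identifiers are real; the grouping into "sensitive" is this example's own.
SENSITIVE = {
    "android.permission.READ_CONTACTS": "reads your address book",
    "android.permission.SEND_SMS": "can send text messages, which may cost money",
    "android.permission.READ_SMS": "reads your text messages",
    "android.permission.RECORD_AUDIO": "can record from the microphone",
    "android.permission.ACCESS_FINE_LOCATION": "tracks your precise location",
    "android.permission.CALL_PHONE": "can place phone calls",
}

# What a given kind of app plausibly needs (assumption for this example).
EXPECTED = {
    "game": {"android.permission.INTERNET", "android.permission.VIBRATE"},
    "messaging": {
        "android.permission.INTERNET",
        "android.permission.READ_CONTACTS",
        "android.permission.SEND_SMS",
        "android.permission.READ_SMS",
    },
}

# Constructed manifest of a hypothetical puzzle game asking for far too much.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.puzzlegame">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.VIBRATE"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.SEND_SMS"/>
    <application android:label="Puzzle Game"/>
</manifest>
"""


def declared_permissions(manifest_xml: str) -> List[str]:
    """Return the permission names from every <uses-permission> element."""
    root = ET.fromstring(manifest_xml)
    names = []
    for node in root.iter("uses-permission"):
        name = node.get("{%s}name" % ANDROID_NS)
        if name:
            names.append(name)
    return names


def suspicious_permissions(manifest_xml: str, category: str) -> List[Tuple[str, str]]:
    """Sensitive permissions that apps of this category are not expected to need."""
    expected = EXPECTED.get(category, set())
    findings = []
    for perm in declared_permissions(manifest_xml):
        if perm in SENSITIVE and perm not in expected:
            findings.append((perm, SENSITIVE[perm]))
    return findings


def report(manifest_xml: str, category: str) -> str:
    """Human-readable verdict in the spirit of 'that looks fishy'."""
    findings = suspicious_permissions(manifest_xml, category)
    if not findings:
        return "No unexpected sensitive permissions for a %s app." % category
    lines = ["Looks fishy for a %s app:" % category]
    for perm, why in findings:
        lines.append("  %s: %s" % (perm, why))
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(SAMPLE_MANIFEST, "game"))
```

Run as-is, the script flags READ_CONTACTS and SEND_SMS for the game; declare the same manifest as a "messaging" app and it reports nothing, which is the point: a permission is only suspicious relative to what the app claims to do.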

COMING NEXT Advice for IT managers: don’t overlook BYOD security risks.

About Cesare Garlati
Chief Security Strategist prpl Foundation Cloud Security Alliance Fellow
