Risk Management Blog - ClearRisk

Mobile Risk: What are you really carrying with your smartphone?

Posted by Craig Rowe on Tue, Nov 17, 2009 @ 16:11 PM

Kevin Bacon had his stolen in New York, British Major General Gerry Berragan had his pick-pocketed on a train in China, President Obama may still have his hacked, and at any point in time thousands of smartphone owners could be running information-leaking viruses without knowing it.

Living in an increasingly mobile and connected world changes the boundaries and realities of risk. When you carry the world at your fingertips you take with you risks that, if not properly managed, can bring about huge loss.

Of major concern are risks surrounding viruses, theft and loss. These risks can affect the protection of employee and customer information, your company’s reputation, your intellectual property, and your competitive advantage.

How do we put ourselves at risk?

LAN connectivity, wireless access and data transfer open smartphones to viruses and other intrusions putting personal and corporate information and communications at risk. If a virus is able to gain access to your device, it can run small and unnoticed, accessing your information, making outside connections, and passing data to an outside computer or device.

When a smartphone has been lost or stolen, the two major areas of concerns are related to the data stored on the device, and the applications running on the device.

How do you protect your smartphone and your data?

  • Closely manage authentication, authorization and encryption. Identify individuals accessing content using usernames and passwords. In some cases, single-use passwords and other certification methods may be of use.
  • Always use secure transmission methods. Confidential, authenticated transmission will help protect against unauthorized interception.
  • Choose smartphones that are industry-leaders in security and that are the most difficult to hack. Products change rapidly so check out customer reviews and publications like Consumer Reports to find out which has the best security for your application.
  • Make sure you know what you’re downloading. Because viruses can be transferred on other attachments, only download files and attachments from trusted sources.
  • Shut off Bluetooth when it is not in use. Bluetooth viruses can transfer to your device and unwanted listening can occur via Bluetooth.
  • Clear your device’s memory often. This will help protect information transmitted in unencrypted e-mails as well as saved usernames and passwords.
  • Keep your smartphone in a safe place to protect it from loss or theft.
  • Set strong passwords and reset them frequently. Microsoft provides a good guide to building strong passwords as well as a password strength checker. Using a Strong Password Generator like the one provided by pctools.com will most definitely provide you with a password that will help keep your information and communications private.
  • Keep general return information in your device. If lost, it will have a better chance of being returned to you.
  • Have remote disable capabilities in place. If your smartphone device is stolen, disabling your phone involves requesting that your System Administrator immediately lock your device so that it cannot be accessed by the wrong persons. This type of disable mechanism, if reversible, can be a quick and easy way to protect your device in the event of theft or other loss.
  • Set policies and documentation procedures. These procedures should guide and measure any formally-implemented smartphone risk management activities.

photo via flickr user liewcf

Topics: smartphone risk, wireless risks, encrypting devices, mobile phone risk, mobile device risk