in

This Blog

Syndication

Tags

News

AlertBoot offers a cloud-based data and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

AlertBoot Endpoint Security

AlertBoot offers a cloud-based data and mobile device security service for companies of any size who want a scalable and easy-to-deploy solution. Centrally managed through a web based console, AlertBoot offers mobile device management, mobile antivirus, remote wipe & lock, device auditing, USB drive and hard disk encryption managed services.

Mobile Device Security: Internet Crime Complaint Center Issues Warning And Safety Tips

The Internet Crime Complaint Center (IC3) has published an intelligence note on how to stay safe while using a smartphone and other mobile devices like tablets.  While mobile device security solutions like AlertBoot can drastically reduce the data threats mobile device users face, it cannot cover all bases.  The following are excellent tips on furthering one's data security.

Instead of republishing the list, I'm going to group together and comment on what I feel are the basics when it comes to data security.

Security Basics

These are the easiest to implement and "forget about it" once you've set them up.

  • Depending on the type of phone, the operating system may have encryption available. This can be used to protect the user's personal data in the case of loss or theft.  Disk encryption is the easiest way to protect the data on your mobile devices (smartphones, tablets) and portable devices (laptops, external hard drives).  Encryption ensures that people who steal your devices or find it, and don't return, can't hack into the data.  Encryption should be used in conjunction with....

  • Passcode protect your mobile device. This is the first layer of physical security to protect the contents of the device. In conjunction with the passcode, enable the screen lock feature after a few minutes of inactivity.  Encryption is good, like a bank vault made of 3-ft thick wall is good.  However, if you keep the door open and unlocked, those walls are useless.  Likewise, passcodes -- the longer, the better -- should be used on devices.  On most modern mobile devices, the correct passcode also disables encryption temporarily, while the device is being used.

  • Obtain malware protection for your mobile device. Look for applications that specialize in antivirus or file integrity that helps protect your device from rogue applications and malware.  Malware on smartphones and tablets tend to come in the form of account data scrapers (think bank apps and account information) or SMS scams (your mobile phone automatically texts an expensive text-to-charge numbers).  Malware protection can't catch all instances, but setting something up early on is better than not having it at all.

  • Jailbreak or rooting is used to remove certain restrictions imposed by the device manufacturer or cell phone carrier. Some people like to have full control over their devices, and hate the restrictions that come built into the device (Apple tends to be the most heavy-handed, according to some people).  The problem with jailbreaking and rooting is that, generally speaking, it increases the surface area for attacks, where some arcane weakness that was non-existent may be opened for attacks after applying the hack.

  • If you decide to sell your device or trade it in, make sure you wipe the device (reset it to factory default) to avoid leaving personal data on the device.  There is wiping and then there is wiping.  Digital data can be recovered even if you wipe it.  Make sure the method you're using ensures actual data annihilation.  For example, if you use encryption on your iPhone, incorrectly entering the passcode more than 10 times wipes the data beyond the point of recovery (assuming the setting is in place).

When you consider that the loss of devices account for approximately half of all data breaches tied to mobile devices, the above security practices can have a great impact on your overall digital security.

Operational Security

The following hints by the IC3 are what I term "operational awareness."  I won't comment on them.  Instead, I reproduce them here as is (or you can read them off the original page).

You can't just set the below up and forget about them.  Rather, you constantly have to keep them in the back of your head and make sure that your actions represent safe use of devices.

  • When purchasing a Smartphone, know the features of the device, including the default settings. Turn off features of the device not needed to minimize the attack surface of the device.

  • With the growth of the application market for mobile devices, users should look at the reviews of the developer/company who published the application.

  • Review and understand the permissions you are giving when you download applications.

  • Be aware of applications that enable Geo-location. The application will track the user's location anywhere. This application can be used for marketing, but can be used by malicious actors raising concerns of assisting a possible stalker and/or burglaries.

  • Do not allow your device to connect to unknown wireless networks. These networks could be rogue access points that capture information passed between your device and a legitimate server.

  • Smartphones require updates to run applications and firmware. If users neglect this it increases the risk of having their device hacked or compromised.

  • Avoid clicking on or otherwise downloading software or links from unknown sources.

  • Use the same precautions on your mobile phone as you would on your computer when using the Internet.

Related Articles and Sites:
http://www.ic3.gov/media/2012/121012.aspx

 
<Previous Next>

Bank Disk Encryption: TD Bank Announces Data Breach Of 267,000 Clients

Dormant, Shelved Encryption Licenses: Veterans Affairs Department Only Activates 16.25% Of Procured Licenses

Comments

No Comments

About sang_lee

Sang Lee is a Senior Account Manager and Security Analyst with AlertBoot, Inc., the leading provider of managed endpoint security services, based in Las Vegas, NV. Mr. Lee helps with the deployment and ongoing support of the AlertBoot disk encryption managed service. Prior to working at AlertBoot, Mr. Lee served in the South Korean Navy. He holds both a B.S. and an M.S. from Tufts University in Medford, Massachusetts, U.S.A.