Most of us have had direct experience of a malware attack on our computers in recent years, and have heaved a sigh when this has finally been resolved.
But how safe are we with our mobile smartphones? A recent British headline suggested that 900 million Android phones were at risk from malware threats. The risk remains on IPhones and Windows Phones. Mobile phone users currently use their phones for everything from communication, social networking and emails.
Recently mobile money and banking transactions has become the norm – anything from paying utility bills, transacting at cash tills and transferring credit or monies when required. And believe me – there are criminals out there actively working at getting to your phones.
Smartphones’ popularity and lax security have made them attractive targets for attackers. According to a report published earlier this year, smartphones recently outsold PCs for the first time, and attackers have been exploiting this expanding market by using old techniques along with new ones.
An example is the Valentine’s Day attack, in which attackers distributed a mobile pictures haring application that secretly sent premium-rate text messages from the user’s mobile phone. Another study found that the number of new vulnerabilities in mobile operating systems recently jumped 42 percent. From a company perspective, many users are now utilising their own mobile devices to transact official company business. Confidential company data can make its way onto mobile devices, where it’s no longer under the protection of your toughest network defenses.
So – how do we make sure we remain risk free with one of our most widely used devices? First and foremost, look more seriously at the security features of the device that you are planning to buy, then the colour of the phone or the gimmicks it may have. Seriously! Some things to look out for include whether the phone has for example biometric readers for authentication.
Ensure that your phone is password or PIN protected – it is amazing how many of us do not bother with this function which is generally offered on most modern devices. Avoid silly PINs such as 0000, or 1234, please? Remember, wireless transmission is not always encrypted. Emails, for example, are usually not (although I see Whatsapp has recently ensured all its transactions are).
But most emails or downloaded apps do not have encryption which leaves them very vulnerable to interception.Avoid keeping your wireless connectivity on all the time (and for that matter, Bluetooth), and definitely avoid connecting to any free and unidentified wireless networks that your phone may find. Be very careful ofdownloading apps that may contain malware – especially free games that users know should be chargeable for. As I always say – there is no such thing as a free lunch.
With regard to email attachments, my usual advice applies – do not click without sender verification. Users who depend on the mobile phones for business and financial transactions, should look to their software supplier apps store and download security software as soon as possible. Most options available are free. Yes, it may slow down your phones operating system and drain some battery life, but it is worth it.
Do not forget to keep your phone and app software up to date at all times. Many manufacturers stop supporting their devices 12-18 months after their release. Check regularly on this. Common in Malawi, but a high risk device is one that has that has been modified by “rooting” or “jailbreaking”.
This changes how security for this device is managed and could increase security risks. When conducting financial transactions online – look out for two factor authentication offered by your banks and online suppliers. This usually requires the user to authenticate using two different factors – example being a password and an SMS generated pass code.
Acting on the above will go some way towards protecting your smartphone – if still concerned – do some online research on other areas where you can ensure you do not suffer from the anticipated malware attacks currently being worked on.