jump to navigation

Risk in Mobile Security December 2, 2013

Posted by cgreigmu06 in Security.
trackback

With the introduction of mobility in our everyday lives, the data that we provide has become increasingly easier to access across all levels of technology. Smartphones have provided another layer of access to this data, but with this technology, the level of risk to cause harm to our data has increased [1]. With mobile devices, we as users have a higher likely hood of having our mobile devices lost, stolen, hacked, and infected with unwanted security threats. According to resent information more than 1.6 million people have had their smartphone either lost or stolen in 2012, with a total loss of over $30 billion [2].  We will go through some of the safe guards that individual users and corporations can apply. As in any device that is connected to the internet/intranet, we all put ourselves at some level of security risk [3]. In order to help combatant risk we must follow steps that will help minimize any threats that may affect us individually or the corporations that we work for [4].  There are many security protection applications out there today, from basic anti-virus application to security-encrypted application that encrypted information once secure information has been identified. These applications are designed to help the user prevent unwanted information being either downloaded or sent that is unsecured.

 There are many different types of risk that individuals and corporations face when dealing with personal or private data [5].  Type of risk can be anything from as small as personal email between mother and daughter to a documentation listing all of the employees a corporation is looking to layoff.  In the research we will look at Personal Risk, Business Risk and Unknown Risk [6]. All of these risk are further complicated by the different types of attacks sometimes called social engineering [7] are now used to gather secure data. Phishing is a way of trying to gather usernames, passwords and credit card details for unknowing victims. Smishing is a form of phishing but using messaging systems to gain or gather data information. Baiting is a form of using external divers so that victims mistakenly install or added harmful programs to various devices. There are many more ways of trying to gather unwanted data, but these are some of the main tools.

  • Personal Risk deals with the types of risk that is important to an individual’s online safety. Having access to someone’s online self can be very easy to obtain and at the same time hard to remove once the data has been uncovered.  Identify thief is one of the growing forms of crime that is committed on the internet.
  • Business Risk deals with the type of risk that is associated with a business environment.  Businesses have a fiduciary responsibility to its customers and employees. Data that could be incorrectly released could affect the overall business goals. Security risk could potentially lead to a downfall with in the corporation and outside of the corporation. Maintaining or preventing security risks is vital to a reliable and substantial corporation for everyone’s long term goals.
  • Unknown Risk deals with future risk where individual and corporations need to be open to with the ever changing security environment dealing with risk. Hopefully staying one step ahead of the technical tools criminals are trying to use to obtain your data and cause harm. Forward-thinking should be the thinking of all smartphone users.

Security prevention should be handled by the individual for personal use and the corporation for work place use [8]. Each area plays a role in helping to prevent security breaches. The biggest rule is to always have an idea of your surroundings and a smartphone should be treated the same as any other electrical device that holds valuable data. Have common sense, if you don’t trust a site, an email or applications don’t download. Here are a few things that individuals or corporations can do to help provided security preventions in mobile computing smartphones.

Individual smartphone holders play a key role in limiting security risk [9].  Most of us do not realize that the data we are providing through a smartphone can contain vital data that if someone had access to could cause either financial harm or physical stress on the loss of security. Below we will go through some ways to help keep security number one in the minds of individuals and corporations.

  • Configure. When not using your smartphone make sure that the lock feature is turn on to your specific operating system (OS) manufacture. With today’s smartphones there are many different options to choose from to help lock your phone.  You can provide a four-digit personal identification number (PIN) that can be used to lock or unlock a phone. There is the option to provide a password. There is also the ability to create a custom pattern that you must follow on the screen in order to unlock the phone. Each way has its pluses and minus. A four digit pin is easily cracked due to a limited number of characters.  A password is no different than a PIN but with many more characters. The custom pattern is interesting, but there have been studies that are able to track your finger prints to unlock the pattern.
  • WiFi and Bluetooth. Make sure when connecting to WiFi that you are connecting to a secured network that you trust.  Stay away from unknown network connections and hotspots, which could provide harmful material. Turn off Bluetooth when not in use, data can be pulled without your knowledge. Also, Bluetooth can cause unwanted drain on your battery leaving you with having to charge your phone in a potentially unsafe place.
  • Anti-Virus Programs. Install anti-virus programs on your smartphone, there are many free and pay for applications available. Each anti-virus application provides a different level of protection, with many of the top antivirus companies providing a mobile version of their software.  Know that a paid service will not always provide the user with the best level of service.  It really depends on how the user is going to use the smartphone. With corporation provided smartphones the antivirus protections may already be available depending on the company’s security agreement and should follow what has been provided by the IT department.
  • Be Smart. Keep your smartphone with you at all times; if not make sure it is secure and hidden from view. Remember a smartphone is more than just a phone it hold valuable information and should be treated as such. Clearing data is another good practice is to make sure you avoid using anything that remembers saved responses:  names, passwords, searches, etc. This information can be used to gather harmful information about the individual of the smartphone.

 Corporation that provide smartphones also play a key role in limiting security risk. Corporations have a finical responsibility to provide security measures for their employees and for their customers. Unsafe security messages can lead to dissatisfaction with customers, which can lead to loss of revenue for the corporation.

  • Networks. Provide safe and reliable networks so users are able to secure locations that are safeguarded against any risk treats. Websites should be securing available and a virtual private network (VPN) connection is a must in a secure corporation. 
  • Education. Corporation need to say up-to-date with the current technologies, and empowering their employees by providing yearly compliance training to make sure employees know current smartphone best practices. Having educated employees will help lessen the chance of a security breach of data [10]. 
  • Encryption. Smartphones should have some level of encryption when dealing with customer data.  Data should be stored in a secure location and only available through the smartphone with a secure sign in and location. Restrict access if the connection is not desirable for the server.

Overall, protecting one’s personal data and private information is a major responsibility for everyone to follow.  Users need to be aware of the different security features that are built into most mobile devices and choose to use instead of ignoring them. Security features are not meant to be bothersome to the user, but provide a level of protection against unwanted risk treats that could be harmful long term.  Users need to be smart with how the data is being used and also try to stay up to date with the changing environment.  Having an understanding of the type of risks involved will hopefully lead to a more secure environment for all.

 

References

[1]  Palenchar, Joseph, Smartphones Continue Upward Spiral, TWICE, vol. 26, no. 4 (Feb 7, 2011), p. 6-7

[2] ABC News [Online]. Stern, Joanna, Available at:  http://abcnews.go.com/blogs/technology/2013/06/feds-push-apple-google-to-combat-smartphone-thefts/

[3] Robert Regis Hyle, Mobile, Cloud Computing Issues Challenge Risk Managers, Property & Casualty 360, (Feb 16, 2011), p. n/a.

[4]  Scitech Book News, Risk assessment and management in pervasive computing; operational, legal, ethical, and financial perspectives, vol. 33, no. 1 (Mar 2009), p. n/a

[5] Tiganoaia, Bogdan, Comparative Study Regarding The Methods Used For Security Risk Management. Buletin Stiintific, Dec 01, 2012; Vol. 17, No. 2, p. 149-155 

[6]  Castelnovo, Walter. Social Computing Tools for Inter-Organizational Risk Management, European Conference on Information Management and Evaluation, (Sep 2011), p. 92-100

[7]  Wikipeida. [Online]. Available at:  http://en. wikipedia.org/wiki/Social_engineering_%28security%29

[8]  McKinnon, Roddy. Promoting the concept of prevention in social security: issues and challenges for the International Social Security Association. International Journal of Social Welfare, Oct 01, 2010; Vol. 19, No. 4, p. 455-462

[9]  J Brooks, David. Security risk management: A psychometric map of expert knowledge structure. Risk Management, vol. 13, no. 1-2 (Feb/Apr 2011), p. 17-41

[10]  Pluta, Paul L; Fields, Timothy J; Smith, Alan J. Compliance Case Study #3-Manual Processes, Performance

Advertisements

Comments»

No comments yet — be the first.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: