Your Phone May Be Smart, But Is It Safe?
By James Marasco, CPA, CIA, CFE January 2011 Published in The Daily Journal Current estimates from the wireless communications industry boast that, of 234 million active cell phones in the U.S., approximately 20 percent are “smart phones”. Their growing popularity has created another opportunity for thieves to gain access to your confidential data. Making sure this device is adequately safeguarded should be a priority.
Vulnerabilities
Earlier this year, over 1 million Android phone users who downloaded a free wallpaper application became victims of hackers. These applications acquired private information such as passwords, browser history, subscriber ID, SIM card number, and text messages. This information was passed through to a Chinese website. Companies are giving smart phones to their employees to stay connected 24/7. As these employees leave their office, they carry around access to confidential company documents, emails and their own personal information on their phones. It has become imperative for organizations to grant selective access to their systems via these devices and employ the necessary safeguards to monitor them.
Smart phone capabilities
Cellular telephones have made tremendous technological gains in the past few years. From the advent of the iPhone, these small hand-held devices are now used to store photographs, access email, send/receive text messages and browse the internet. They have evolved to become more like tiny personal computers rather than phones. Unfortunately, a result of these advances, they have also become as risky and vulnerable as PC’s.
Biggest threats
The greatest threat you face with your phone is losing it. More phones are lost or stolen rather than hacked into. Other threats facing smart phones include:
- Worms – Similar to those perpetrated on PC users, worms can hit phones via email or texts and attempt to download malware or steal data like bank login’s, etc.
- Phishing – Hackers try and gain access to your phone by texting or emailing links to lure the user to a website where their information can be compromised.
- Fraudulent access – Smart phones can be accessed through Blue Tooth capabilities, public Wi-Fi, illicit applications and other means
Safeguarding your phone
One of the best ways to safeguard confidential information on your smart phone is to limit the amount of sensitive material you maintain on it. Other vital precautions include:
- Protect with a password – A sophisticated password should be employed on the phone and routinely changed in case someone has observed it being typed.
- Use encryption – Most smart phones offer the ability for you to encrypt the data being maintained on the phone. This feature should be activated.
- Enable protection – Smart phones can have firewalls and run anti-virus programs similar to those on your PC. These programs should be considered as a means to protect your phone from attacks.
- Disable Blue Tooth – If you are not using your Blue Tooth features, disable them to thwart others from gaining access to your phone by using the Blue Tooth connectivity functionality. Phones also have settings to hide their Blue Tooth visibility from others and to disable your contact transfer ability.
- Maintain remote capabilities – In the event your phone is lost or stolen, you or your employer’s IT director should have the ability to remotely lock and/or wipe the phone clean of all data. Other services are available that offer the ability to track down the phone via GPS.
- Back up data often – If you are storing valuable contact information and data on your phone, consider backing it up often. In the event the phone crashes or is stolen and needs to be wiped clean, your data can be restored easily with minimal loss to a new device.
- Beware of applications – If your phone employs an open platform, the corresponding application store may not be well controlled. As a result, some of these programs you download may be used to harvest information from your phone. Some services routinely monitor and prequalify the applications being offered to users.
Smart phones represent the most popular cell phones being sold currently. As a result, millions of people are doing their personal banking, accessing social media sites and conducting confidential business transactions from these devices. Safeguarding this piece of technology is becoming critical. Don’t leave your phone and its contents vulnerable to hackers and identity thieves. Simple security measures can help safeguard you and your company from becoming fraud victims. James I. Marasco, CPA/CFF, CFE, CIA Jim is a partner at EFPR Group. He brings more than 18 years of public accounting and auditing experience. He is a full-time management consultant and travels extensively throughout the country while leading StoneBridge Business Partners (an EFPR Group affiliate company). Article republished with the permission of the Daily Record.