Three tips for smartphone security
This week is Cyber Security Awareness Week, and to follow on from yesterday's story on the four basic steps consumers and small businesses can take to protect their PCs, here are three more to help people protect their smartphones, courtesy of Symantec's David Hall.
1. Choose a strong password, and change it regularly
Although the message about selecting strong passwords for PCs is starting to sink in, smartphones are still so new that many users don't think to apply the same standards, Hall says.
"Most people think because the phone's with them all the time it's safer," Hall says.
"Really you're taking you most personal computer out of the house all the time. It's a different level of security to get your head around.
Despite the hassle, smartphone users should definitely use a password to unlock rather than the basic swipe feature. As with other passwords, that password should be random, rather than repeated numbers or a number sequence.
Numbers related to the user, such as a birthday or postcode, should be avoided as well, as this information can be found out, particularly through social networks.
Users can also select longer passwords to increase their security level, Hall adds.
"Most people think you can only have four-digit security, but with most phones there's a switch to change it to a six-digit password. The difference is that there are so many more permutations that a cybercriminal would need to try.
2. Set a 'wipe' function
A lot of apps are given direct access to a user's email, social networking, and even bank accounts in the case of mobile purchase apps. While it's hard to imagine sitting and testing passwords for hours on end, with the size of the payoff, there are people out there for whom it will be worthwhile.
Choosing a strong password is a good start, but setting an automatic wipe after repeated wrong answers is definitely worth extra 'bonus points'.
"If someone gets the password wrong after, say, 10 times, it's probably not wise for them to be able to keep trying," Hall says.
Although users may not want to risk losing all their data if the device turns up, there are technologies around that can mitigate this loss, Hall adds.
"With smartphones able to connect to cloud services it's not as painful as it used to be to wipe these devices.
3. Install a 'remote wipe' command
If someone does manage to breach your password, you want to be sure you can stop them from accessing your data.
The best way to do that is with a 'remote wipe', which allows the user to clear the device's memory from any another internet access point.
This option comes with the fear that the device may simply be lost somewhere, and that the remote wipe will create a huge hassle once it's found. However, once again the cloud option can mitigate this loss, and really, it's not worth the risk.
Hall adds that for people who want to go further there are additional online measures, such as phone tracking apps.
Sure, some thieves seem to want to be found, but most won't be so accommodating.
"People need to think of all the other parts of their identity that could be recreated if they lost their phone," Hall says.
"The average New Zealander has 25 apps installed on their phone. If you've got those apps pre-wired to your personal information, it's pretty low-hanging fruit.