Keys to mobile security: Consistent controls, user common sense
- By Greg Crowe
- Sep 21, 2012
More and more people are using more and more smart phones and tablets every year. In fact, there may be more mobile devices in use than there are people on this Earth by the end of this year, according to the World Bank.
Mobile devices already out-number people in the United States. So, naturally, one of the government’s concerns is the security of mobile devices and their networks.
The Government Accountability Office was tasked with identifying security threats common to all mobile devices, what current security is in place against these threats and how have the government and private sectors been addressing the potential problem. GAO just released a 54-page report on the subject.
The grace period on mobile security is over
Mobile security guide catches up with smart phones, BYOD
So what did GAO conclude? For one, we need to be more concerned about mobile security than we have been. While that does seem like the invariable conclusion, the report’s authors itemize the factors that have brought us to this place.
First, the number of malware instances on mobile devices has jumped from about 14,000 to 40,000 in only the 11 months from July 2011 to May 2012. That is a 185-percent jump in less than a year. In addition, a properly equipped criminal could intercept data transmissions in an attempt to garner sensitive data.
Second, most cell phone users are not properly educated about mobile security best practices, so they are repeatedly making rookie mistakes such as not securing their device with a password. This is a failing, in GAO’s opinion, of both the providers to educate users and the Federal Communications Commission (FCC) to encourage and coordinate that education.
The National Institute of Science and Technology has led the way with its National Initiative for Cybersecurity Education (NICE), but GAO doesn’t have enough data to determine how much good it’s doing in educating the public.
So the report recommends that the FCC more closely work with wireless carriers and device manufacturers to develop more rigorous standards of mobile security. And the FCC needs to encourage those companies to implement those policies more uniformly and across-the-board. The report also recommended that the Homeland Security and Commerce departments establish a baseline of consumer awareness so they can determine if application of NICE raises awareness above this baseline.
And what can average users do about all the potential cyberattacks on their mobile devices? First, and probably most important, use a password to lock your device down. It’s a simple step that many users fail to take because of the inconvenience of remembering a series of characters and the extra seconds it takes to punch it in.
Second, don’t send any confidential information (such as passwords and credit card numbers) over an unsecure channel. Ideally, that sort of information should never get e-mailed or attached to an e-mail. If everyone would consistently do those two those two simple things, hackers would have a much more difficult job.