The Pew Research Center reported in 2012 that 85% of American adults own smartphones. Within this group, 80% use their smartphone to send or receive text massages, 56% use their phones to access the Internet, 50% send or receive email, and a full 29% access their bank account information or do online banking. What I found interesting about this study was that it confirmed the continued rapid transition of using smartphones instead of PCs or laptops as an online ramp to the Internet by the general public and this creates a problem that few smartphone owners seem to grasp.
The problem is this. We all view our smartphones as smartphones, when in fact a smartphone is really not a phone at all. I believe we are better served if we view smartphones as handheld computers with cell phone capabilities. Why? It’s because almost all of us use these devices to access the Internet and email. Look at it this way. Every firm that I have visited, which now exceeds 1000, and that has a computer or network that connects to the Internet also has some type of Internet security software running. How many of us rely on similar protection with our handheld iPhones or Android devices? While I don’t have any hard numbers for you, I can share that the number would be far less than 100% of smartphone users simply based upon what I am finding as I visit with lawyers all over the country. Very few have even thought about the issue.
Some will say that by design these devices are far more secure than their more robust computer cousins. Others argue that their simply aren’t any actual smartphone threats in the wild. No threats, no worries. Consider this. Early in 2013 Apple announced that there have been over 40 billion downloads in its App Store, 20 billion occurring in 2012 alone. Google reported that they broke the 25 billion mark in their Google Play store in September of 2012. Wow! Oh, then we have this. A number of major security firms have announced that 2013 will be the year that smartphones will finally emerge as a major target for cybercriminals in part because so many of these phones are being used as mobile wallets. In early 2013 security firm Kaspersky Labs announced that they uncovered new malware that poses as a “cleaner” app that can free up space on Google OS. This malware, called DroidCleaner actually infects both your smartphone and PC in order to spy on you. There are also devices that create what is known as a hot-spot honeypot which in essence attracts devices looking to connect to a Wi-Fi signal. Should your device ever connect to the fake network these kinds of devices create consider yourself hacked. So, perhaps it isn’t a matter of time after all. Perhaps the threats are not only real, but active now. Perhaps we are being foolish by not properly securing our handheld computers we call smartphones.
What’s one to do? Begin by downloading a security app of some sort. These types of programs offer a wide range of protection. Some even include functions such as encryption capabilities and/or the ability to wipe all data from the device after a certain number of failed login attempts or even enable a remote wipe of a lost or stolen device. Regardless, make sure that you include an app that provides protection against malicious attacks to include spyware. For the iPhone world, you might consider apps such as VirusBarrier which is an on-demand file and website scanner; Mobile Active Defense which filters incoming email in an effort to protect you from spam, phishing attacks, and malware; and Find My iPhone which is an iCloud service that allows you to remotely lock and/or wipe the phone if it is ever lost or stolen. In the Android world, you might consider AVG Antivirus Pro which is something of a full service security and theft protection suite; Lookout Mobile Security - think LoJack for the mobile phone; or Norton Mobile Security. There are a number of other worthy options in both worlds and if you are a BlackBerry user, rest assured similar apps are available for you as well.
Going beyond the security app step, also remember to use power on passwords and enable auto-lock features. If able, use a strong password that is a combination of uppercase and lowercase letters, numbers, and symbols, and is a minimum of eight characters long. Avoid open public Wi-Fi networks as much as possible. Always turn off Bluetooth and Wi-Fi when not specifically in use. If you use your smartphone to connect to your firm’s network, only connect to the network through a VPN connection. As with your other computers, backup your data as smartphones do get lost, are stolen, and sometimes get destroyed. Accidents do happen. Never give the device away, recycle it, or just toss it without first wiping the data from the device. Finally, never allow someone to use your device outside of your view. You just never know what they’ll try to do.