According to Andy Hayter, anti-malware program manager with ICSA Labs, users today face daily threats from trojans and other computer viruses that can potentially expose sensitive personal data, including credit card numbers.
"In addition, undetected trojans can lead to expensive charges on customer phone bills by sending text messages and making calls", he says.
To combat mobile security risks aimed at smartphones, tablets and apps, Hayter offers seven tips to help business and consumer users protect themselves:
- Only buy apps from recognised app stores. Apps from unofficial third-party stores and applications downloaded from peer-to-peer sites, he says, are much more likely to contain malware than apps sanctioned by official vendor stores such as the Android Market or Apple iTunes store.
- Think twice about accepting 'permissions'. Most applications, legitimate as well as malicious ones, require users to accept several 'permissions' before the apps are installed. Check carefully to be sure that the app comes from a legitimate source.
- Monitor bills for irregular charges. If attackers gain access to personal information stored on your phone, they can quickly rack up charges by sending 'silent' text messages to high-priced call services. For example, if the Android Trojan GGTracker is inadvertently installed on a device, it can sign up users, without their knowledge, for premium text messaging services.
- Employ security policies to protect employer-issued devices. Employers should enforce password-based access and require voice mail codes so that only authorized users can access data on employer-issued devices.
- Be mindful that more and more employees bring their personal devices to work. Companies therefore must have security systems and policies in place to safeguard their business environment and prevent access to company networks from employees' personal devices.
- Remember that mobile devices are tiny handheld PCs. Many security threats that apply to traditional computers also apply to mobile devices, such as smartphones and tablets, and consumers should take necessary measures to protect themselves. One way to do this is to install anti-malware software on mobile devices and enable VPN functionality.
- Protect your mobile phone password and voice mail pin. If your mobile phone does not currently have a password, add one that is at least six digits. Try to choose a unique password that is not already used across other systems and accounts. Do not use repeating digits in passwords or voice mail pins. Remember that your provider will never request your voice mail pin, so do not be tempted to provide it to anyone who requests it.
"Mobile malware will continue to rise with increased smartphone use," says Hayter.
"But by following these tips users can help protect themselves and their personal data from unwanted intrusions", he adds.