Product and service reviews are conducted independently by our editorial team, but we sometimes make money when you click on links. Learn more.

Survey: Most Lax About Mobile Device Security

By - Source: Toms IT Pro
Securing Mobile Devices: Three Key Steps Webroot Recommends

Know your apps: Download apps only from a trusted source, like the Google Market, Apple App Store or Amazon App Store. Closely scrutinize the permissions the app requests, and don't install it if it wants to access certain functions that it doesn't need, such as the ability to send SMS messages. User reviews are also helpful.

Lock your device: Most smartphones and tablets give you a choice of locking the device with a password, numeric code or pattern. Take advantage of this - if nothing else, you'll prevent practical jokesters from emailing your boss if you leave your device unattended.

Explore mobile security services:Mobile security apps provide lost device protection, secure web browsing, and antimalware services.

Security provider Webroot recently released the results of a consumer survey regarding mobile device usage leading up to the holidays this year. The findings have important implications, not just for individuals but for businesses and IT professionals as well.

According to Webroot, more people than ever are turning to their mobile devices to research and buy gifts as well as plan and book trips this holiday season.  Of the 1,215 mobile device users surveyed, 50 percent said they planned to purchase holiday gifts using their smartphone or tablet this year, while 33 percent plan to use them to book holiday travel—both 22 percent increases from 2010.

Unfortunately, only 40 percent of respondents have a security app installed to block threats or remotely lock and locate a lost device. Worse, more than half (53 percent) leave their mobile devices unlocked. No PIN means easy access.

This leaves personal and, potentially, company data extremely vulnerable should a smartphone or table be lost or stolen.  

"People using mobile devices are exposed to a new set of online risks: cybercriminals seed mobile markets with malicious apps that can steal your personal data or send texts and SMS messages to premium numbers,"  said Webroot VP of Mobile Solutions, Chad Bacher. "And because of their size, smartphones and tablets are easier to lose or have stolen than laptops and notebooks, which puts the vast amounts of personal data stored on them at risk."

Webroot also found some key differences between age groups, genders as well as Android and iOS users. For instance, the survey indicates that Android owners are more concerned with securing their mobile device shopping and travel details, men tend to secure their smartphones and tablets a bit more than woman and—while younger people will use their mobile devices more for shopping and booking travel this holiday season—older folks take security more seriously.

Tom's IT Pro asked Webroot’s Bacher a few questions to elaborate on the survey results and its implications for overall mobile device security and to business and IT pros.  

Tom’s IT Pro: What are the differences between people's security expectations between Android and iOS devices?

In six months, Google has doubled the number of Android devices it has activated, reaching 200 million and inching closer to Apple which reports 250 million devices activated.  Over 550,000 Android devices are activated on a daily basis making it the fastest growing mobile OS.  

In general, a lack of awareness exists regarding the security risks of using mobile devices.   Most people think these devices are secure and are not open to the same type of risks that are associated with using their PC.

However, the reality is that the power of smartphones and tablets allow you to engage in the same online activities you previously would've only done on a PC— email, social networking, Internet browsing, banking, shopping, and more. And your ubiquitous access to your mobile devices enables you to do these activities more frequently than before.

Because of this, people using mobile devices to connect to the Internet expose themselves to a new set of risks to their identity and privacy  in this environment. And because of their size, smartphones and tablets are easier to lose or have stolen than laptops and notebooks, which put the vast amounts of personal data stored on them at risk—data such as business contact lists and confidential documents.

Consumers' appetite for Android devices makes the platform an especially attractive target for cybercriminals. We have seen an exponential growth in mobile-specific malware, especially on the Android platform given its openness and lack of app approval/upfront review. Remember, malicious apps target the operating system, not the form factor of smartphone versus tablet.  Because apps are not pre-screened, cybercriminals can post and make malicious apps available for immediate download on the Android Market.

Google's response to malicious apps has been very reactive—removing the apps from the Market once aware of an issue. But unfortunately, this generally happens after thousands of users have already downloaded the apps and are at risk.

Additionally, unlike other platforms, Android users have many other vectors where they can download apps besides the Android Market. Users can go to any number of third party app stores or traditional sites and download/install apps via a side-loading process. Consequently users are tricked into downloading malicious apps.  

As a result, people are more aware of cyberattacks executed on the Android operating system. The majority of attacks we've seen have come from malicious apps disguised as legitimate apps on third party markets.

That said, all mobile device users who browse the Internet on their smartphones and tablets on any operating system can equally fall victim to phishing attacks resulting from web links that lead to malicious Web sites.  

Toms’ IT Pro: We are interested in how you think the results of your survey, which focuses on individual purchases, affect the companies and enterprises these people work. Folks are bringing these mobile devices into work. So what's an IT department, particularly the IT pros tasked with managing and security mobile devices, to do?

Companies should develop and enforce a mobile device usage policy (see sidebar at top for some security tips) that ensures that passcodes are used and restricts which apps can be installed on the device. But to be the most effective and go beyond device usage policy enforcement, IT administrators should deploy an MDM solution with mobile security integrated into it.  Such policies would enable IT to centrally deploy anti-malware protection on employees' devices, enforce passcode usage, and centrally manage features like remote device lock/wipe/locate which are essential when an employee loses a smartphone or tablet.

James Alan MillerJames Alan MillerJames Alan Miller is Managing Editor of Tom's IT Pro. He is a veteran technology journalist with over seventeen years of experience creating and developing magazine and online content. Founding editor of numerous business and enterprise computing sites at the network, James headed up the After Hours section at PC Magazine, as well as hardware and software sections of various Windows publications.