Top 10 Mobile Mistakes to Avoid This Holiday Season: Page 2
Although not addressed by Symantec's holiday survey, many smartphones will no doubt be accessing email, websites, calendars, etc, using a multitude of wireless networks, from mobile broadband to public hotspot to family-owned Wi-Fi. Holiday usage tends to throw a kink into established best practices, as users struggle to get on-line wherever they might be, using the most convenient (and often unknown) form of Internet access. Here, the best defense is a good offense such as using a VPN to protect all wireless activity. However, users still need to exercise common sense and a modicum of caution to avoid Evil Twin APs that can prey upon careless wireless devices. For more advice on avoiding Evil Twins, see our October top ten column.
SMS has grown increasingly popular on phones of all kinds, including smartphones with easier-to-use virtual keyboards. In Symantec's survey, 48 and 74 percent of users expected to text for work and play over the holidays. The bad news? 68 percent said they were at least somewhat likely to open a text message sent by a stranger. 29 percent even said very likely double the number very likely to open email from strangers. Ironically, 41 percent also identified SMS text phishing ("SMSshing") as a top two most worrisome smartphone attack. According to Nguyen, "People are relatively new to smartphone threats until recently, most only used them for email and calendaring. They aren't yet educated about the risks related to SMS and phishing URLs that might be presented to them, both in texts and when browsing." In addition to user education, SMS spam and sender filtering can help. These measures can be device-resident or cloud-based and prevent relay or display of SMS messages from unknown (or known-offensive) senders.
Finally, 68 percent of respondents expected to use social networks (e.g., Twitter, Facebook, LinkedIn) during the holiday. This comes as no surprise, since social network usage is rising fast and all smartphones now run a plethora of apps designed to make these sites more usable on small screens.
According to Nguyen, social networking threats on smartphones are expected to parallel those now being experienced on PCs. "Threats are moving from the OS level to the application level, with social engineering attacks being used to trick users into clicking on links that cause malicious behavior," he said. "Social networking apps on smartphones will encourage hackers to customize attacks for mobile devices."
Mobile malware has ramped up rather slowly on smartphones. But in Symantec's survey, a surprisingly high percentage of users cited malware as a top three concern. Enterprises may not be nearly as concerned yet. But when mobile malware emerges in full-force, it's likely to penetrate the enterprise through an unprotected back-door like social networking. Here, forewarned is forearmed.
Symantec's survey focused on holiday season smartphone use, but it provides useful insight into habits, end user attitudes, and emerging trends that could apply all year long. Clearly, employers need to start taking smartphone security threats seriously and that includes employee-liable consumer smartphones. So don't let the Grinch steal Christmas (or Hanukah or Kwanza or your own December holiday). Safeguard those iPhones and Androids and tablets to mitigate these mobile risks.
Lisa Phifer owns Core Competence, a consulting firm focused on business use of emerging network and security technologies. A 28-year industry veteran, Lisa enjoys helping companies large and small to assess, mitigate, and prevent Internet security threats through sound policies, effective technologies, best practices, and user education.
Follow eSecurityPlanet on Twitter.