Mobile devices present numerous potential security vulnerabilities. In the last couple of years, mobile sales have dwarfed PC sales. This explosive growth of smartphones and tablets along with the growing popularity of file sharing technologies has further augmented these vulnerabilities. The risk of mass surveillance by rogue governments, leakage of sensitive information from enterprises and other breaches has never been greater. With stakes this high, it is surprising that most people do not even understand how vulnerable they are.
The need for comprehensive mobile security has become imperative. To preserve the benefits of mobility, mobile device security threats have to be thwarted. Below is a list of 10 effective mobile device security practices, aimed at securing mobile devices and protecting users’ data from being compromised.
1. Enforce Multiple Forms of Authentication
Experts advise that mobile users should implement two-factor authentication on their devices. This requires users to prove their identity using something they have (biometric authentication) and something they know (a password). Unfortunately, this authentication technology is not yet widely available on mobile devices. Modern mobile devices come with built-in biometric scanners such as facial recognition, fingerprint scanners and voice print recognition, but older devices only offer password protection. In the absence of two-factor authentication, strong passwords can be enforced for device and network access. Measures such as automatically locking out access after a predetermined number of incorrect passwords are necessary.
2. Use SSL to Encrypt All Data in Transit
Mobile devices are often associated with insecure “clear-text” connections. Some of the most popular file-sharing and hosting programs transmit and store sensitive information in an entirely unencrypted state. A simple game like Angry Birds can send a ton of your personal data from your device to the servers with no protection. Such information, which may include your usernames, passwords and real-time location, can be intercepted by anyone with malicious intent.
Experts recommend encryption of all mobile device communications. Encrypting data at rest and in transit prevents successful eavesdropping attempts. Always use SSL/TLS to secure all the data you send over the internet.
3. Use Certificate Pinning in Mobile Applications
SSL cryptography provides some rock-solid mobile security. On the web, Certificate Authorities issue SSL certificates to show users which sites they can trust. This system, however, is flawed since malicious people can also hand out fake SSL certificates. Mobile applications use “cert pinning” since it is more secure than the CA system. Cert pinning lets you embed the expected SSL certificates in a mobile app so that the app rejects fraudulent certificates presented by attackers.
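The pin check described above, as an added example that is not from the original article: the app ships with hashes of the certificates it expects and refuses any other, here on top of normal CA validation rather than instead of it. The pin format (base64 of the SHA-256 of the DER certificate), the function names and the sample byte strings are assumptions made for illustration.

```python
import base64
import hashlib
import socket
import ssl


def cert_pin(der_cert: bytes) -> str:
    """Pin format assumed here: base64 of SHA-256 over the DER certificate."""
    return base64.b64encode(hashlib.sha256(der_cert).digest()).decode("ascii")


def pin_matches(der_cert: bytes, pinned: set) -> bool:
    """True only if the presented certificate hashes to one of the pins."""
    if not der_cert or not pinned:
        return False  # fail closed: no certificate or an empty pin set
    return cert_pin(der_cert) in pinned


def connect_pinned(host: str, pinned: set, port: int = 443) -> ssl.SSLSocket:
    """Open a TLS connection that must pass CA validation AND the pin check."""
    ctx = ssl.create_default_context()  # CA chain and hostname checks stay on
    raw = socket.create_connection((host, port), timeout=10)
    sock = ctx.wrap_socket(raw, server_hostname=host)
    if not pin_matches(sock.getpeercert(binary_form=True), pinned):
        sock.close()
        raise ssl.SSLError("certificate does not match any pinned value")
    return sock


# Constructed stand-ins for DER certificates (not real certificates).
CURRENT_CERT = b"constructed-der:api.example.test:current"
BACKUP_CERT = b"constructed-der:api.example.test:backup"
FORGED_CERT = b"constructed-der:api.example.test:other-issuer"

# Pins shipped inside the app: the live certificate plus a backup, so the
# server certificate can be rotated without locking out installed apps.
APP_PINS = {cert_pin(CURRENT_CERT), cert_pin(BACKUP_CERT)}

if __name__ == "__main__":
    samples = [("current", CURRENT_CERT), ("backup", BACKUP_CERT),
               ("forged", FORGED_CERT)]
    for name, cert in samples:
        print(name, "accepted" if pin_matches(cert, APP_PINS) else "rejected")
```

A certificate that a CA would accept but that is not in the pin set is still rejected, which is the property pinning adds; shipping a backup pin keeps a routine certificate renewal from breaking the app.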
4. Remote wipe and “phone home” capabilities
In the event of mobile device loss, authentication and encryption can protect data from falling into the wrong hands. Apply remote wipe and “phone home” capabilities to fortify your mobile device security further. Native remote lock, find and wipe capabilities are used to recover a lost mobile device or to completely delete the data on it. Privacy concerns and the risk of losing personal data as a result of these functionalities are greatly outweighed by the danger of data theft resulting from theft of mobile devices. However, defining policies for these technologies is recommended.
5. Control third-party software
Third-party software is often the weakest link in mobile device security. It gives attackers the best way to breach security and siphon information through drive-by or intentional installation of rogue software, replete with “black gateways” and backdoors. When choosing third-party software, it is important to have high standards.
The safest course for companies and organizations is to establish policies that limit or block the use of third-party software. They can also restrict employees to a remote virtual work environment and implement policies that prevent files from being downloaded to mobile devices.
6. Install Trusted Antimalware Software
Just like laptops and desktops, tablets and smartphones are susceptible to spyware, Trojans, worms and viruses. Attackers can use mobile malware to steal or corrupt sensitive user data, rack up phone charges and conduct targeted attacks on mobile device users, among other atrocities. Malware threats swirl mostly around Android, but iOS is also a target. Installing and regularly updating antimalware software is recommended for anyone who uses a tablet or smartphone to access any network.
7. Secure mobile communications with end-to-end encryption
Wireless communications are easy to intercept and snoop on. As such, securing all device communications is advisable. You can do this only by using mobile apps that support end-to-end encryption. End-to-end means encryption from your end to that of the person you are communicating with. In the event your app’s data is compromised, the content of your messages will not be safe. If you are the owner of a website or app, you can use an SSL certificate to protect data entered by users. If you have multiple apps running on sub-domains, you can go with Wildcard SSL certificates, which will be cheaper and easier to maintain.
8. Use Mobile Device Certificates for Mobile Authentication
The need for mobile authentication grows with the incidence and sophistication of attacks on mobile platforms. Like users, the legitimacy of mobile devices accessing corporate networks and resources should be authenticated. This can be done by employing a certificate management service. SSL Certificates provide organizations an ideal mobile authentication method to ensure the security of their networks.
9. Mobile Device Management
When it comes to securing mobile devices, management is as important as the technical security measures if not more so. Security of your device should be a priority. Practices to avoid security breaches include:
- When not in use, interfaces such as Wi-Fi, Infrared and Bluetooth should be disabled and hidden from discovery
- Configure your device to avoid unsecured wireless networks
- Carefully consider the kind of information you store on your device
- Avoid “rooting” or “jailbreaking” your device
Corporations should recommend and enforce configurations for personal mobile devices used at work.
10. Perform Regular Audit of Security Configuration
To ensure that your security measures are still in place, periodically conduct an audit of security configuration and policy adherence. This ensures that your mobile device settings have not been modified, accidentally or deliberately.
For companies and organizations, it is also prudent to hire reputable security testing firms to periodically audit their mobile security and conduct penetration testing on their devices. The pros can expose any vulnerabilities and help remedy them.