Transcript Sophos ThreatBeaters: Social Media

Mobile device
security
Practical advice on how to
keep your mobile device
and the data on it safe
www.sophos.com/loveyourphone
Air, water, food… mobile devices
Mobile devices are now an integral part of our lives
www.sophos.com/loveyourphone
Huge growth in smartphone use
400x
increase in UK web traffic from a
mobile device
• September 2009 - 0.02%
• January 2011 - 8.09%
31%
of US cell phone users own
smartphones
1.6
billion
mobile devices
sold in 2010
72%
growth in worldwide
smartphone sales in 2010
www.sophos.com/loveyourphone
And they’re taking over from PCs
iPhone traffic
responsible for
28%
of tablet users use
the device as their
primary computer
www.sophos.com/loveyourphone
4.5%
of all UK website
traffic (not just
mobile)
My life is in there
“If a smartphone lives up to what it
should be then it is something, as
human beings, we will have an
emotional relationship with because
it's there all the time, it's our window
on the world, it's our mouthpiece, it's
everything we are and have. ‘My life
is in there’ you hear people scream.”
– Stephen Fry
www.sophos.com/loveyourphone
So how did we get here?
Mobile devices are developing quicker than ever before:
1st
cell phone
call
1st
person-toperson SMS
message
1st
internet use
on a cell
phone
1st
Windows
tablet PC
launched
1st
BlackBerry
launched
1st
1st
iPhone Android
launched
OS
launched
2007
2001
1973
1993
20
years
between 1st cell phone
call and 1st SMS
www.sophos.com/loveyourphone
2002
2008
1999
6
years
between 1st SMS and 1st
internet use on a cell phone
1
year
between 1st iPhone
and 1st Android OS
Blurring the home-work
boundaries
Whoever owns the device, with smartphones and tablets the
boundaries between personal and work use merge.
• Accessing personal
websites from work
devices
• Reading work emails
on personal devices
• Accessing corporate
systems outside the
office
www.sophos.com/loveyourphone
The benefits of mobile devices
at work
www.sophos.com/loveyourphone
•
•
•
•
Work from any location
Work at any time
Reduced operating costs
People prefer them
•
•
•
•
Greater productivity
Greater flexibility
Increased response times
Happier staff
But it’s not all good news
Mobile security
risks include:
Which in turn lead to:
Data loss
loss
Lost or
Lost
orstolen
stolendevices
devices
Mobile malware
Mobile
malware(e.g.
(e.g.viruses)
viruses)
www.sophos.com/loveyourphone
Financial theft
Financial
theft
Lost or stolen devices
Unattended device
Data theft
Unauthorized access
www.sophos.com/loveyourphone
Mobile malware
Mobile malware (e.g. malicious apps, Trojans etc.) is still in its infancy.
But it does exist and the focus is on data theft:
• 2010: Google removed banking
malware that had gathered
information on more than 1m
Android users
• 2011: Zeus malware for Android
steals financial data
• But it will be come a major threat in
the future.
www.sophos.com/loveyourphone
Data = £ $ € ¥
Criminals can convert data to money in many different ways:
Bank details
Company data
Steal money
Steal
money
Blackmail
Blackmail
Make fraudulent
fraudulentpurchases
purchases
Sell to other
Sell
otherparties
parties
Sell to
Sell
to other
othercriminals
criminals
Email addresses
Sell to
Sell
to spammers
spammers
Personal identities
Make fraudulent
fraudulentpurchases
purchases
Sell to
Sell
to other
othercriminals
criminals
www.sophos.com/loveyourphone
How secure are your devices?
If your personal or work devices fell into the wrong hands,
what could people access?
Your contacts?
Your work emails?
Your bank account?
Your online store accounts?
Your company’s data?
Your holiday plans?
Your photos?
www.sophos.com/loveyourphone
Widespread lack of awareness
89%
unaware that smartphones can
transmit confidential payment
information such as credit card details
without the user being prompted
67%
do not use keypad locks or
passwords
65%
worry more about security on
their laptop or desktop PC than
their mobile device
www.sophos.com/loveyourphone
How to secure your mobile...
and your life
As a basic rule, consider your
device like your computer
www.sophos.com/loveyourphone
For individuals
Secure your device
Be data aware
Always lock it
Be careful what you share
Apply a complex passcode
Encrypt sensitive data
Shield your passcode
Stay compliant
Apply the latest patches
Prevent malware infection
Don’t click on unsolicited links
Think
Think before
before downloading
downloading apps
apps
Don’t“jailbreak”
“jailbreak”or
or“root”
“root”
Don’t
www.sophos.com/loveyourphone
Know and follow your
organization’s security policies
For organizations
Define what’s OK: devices,
OS, versions
Secure email access
Get visibility of connected
devices and data usage
Deal with lost or stolen phones
Secure the
thedevice:
device:require
require
passcodes, control apps,
remote management
www.sophos.com/loveyourphone
Enable the user to manage
their own device
Create mobile security policy
What’s next for mobile devices?
Near Field
Field Contact
Contact(NFC)
(NFC)
The digital
digitalwallet
wallet
Augmented reality
Augmented
reality
Watch this
Watch
thisspace!
space!
www.sophos.com/loveyourphone
www.sophos.com/loveyourphone
www.sophos.com/loveyourphone