Are Smartphones The Weakest Security Link?

Smartphone

Smartphones are everywhere. You see iPhones on the street and in the pub. Handsets which use Google’s Android system are top sellers. And BlackBerries – to which many people seem surgically attached – remain a favourite of businesses big and small.

What is today an average smart phone would have seemed like magic even just ten years ago. For a few hundred pounds you can buy a pocket-sized device with a vibrant, colour touch-screen and enough processing power to put to shame desktop computers that are only a few years old. Oh – and you get enough storage to hold thousands of business documents.

A smartphone is a computer

You have, in short, a powerful computer in your pocket. And while mobile technology has moved on enormously in a few short years, our security awareness hasn’t kept up.

Most people now understand the importance of taking precautions to keep data safe that is stored on desktop and laptop PCs. But few think about the risks involved in carrying and using a smart phone. Yet those risks are arguably higher. Never mind the value of the phone – think about the value of the data on it.

How to protect your smart phone

If someone stole your smart phone, they could gain instant access to your email and contacts. If you use it to store files, they could grab a copy of anything saved to your phone. It’s a security breach waiting to happen.

That’s not to say you should ditch the smart phone and go back to an old brick. But it is time to start thinking a little more about how you protect your phone and the information on it:

  • Get insurance. With Apple’s new iPhone 4S coming in at £500 – £700 off contract, replacing a stolen handset is expensive in itself. Insuring a single smart phone against accidental damage and theft will cost about £40 a year, though you can probably negotiate much better rates as part of your wider business insurance.
  • Put a passcode on your handset. Most smart phones have an option which forces you to enter a PIN or password before you can unlock the handset. Android phones even have a clever pattern lock. Use it. It’s not foolproof, but it should stop a thief getting instant access to your data.
  • Add extra protection to files. Services like Dropbox and Box.net offer smart phone apps so you can download and access all your files from your phone. They usually require a username and password, but most only ask for these details once. To boost security, change the settings so you have to enter the details each time you open the app. You’ll be sacrificing a little convenience for a lot of extra security.
  • Get a mobile tracking app. Many smart phones include features to help you find them if you lose them. You can generally log in and pinpoint your phone on a map, or get it to play a loud sound. However, such tools also allow you to remotely wipe data from your phone – so if it falls into the wrong hands, at least you can safely erase any sensitive data from it. Try Find my iPhone (iPhone), Find my Phone (Windows) or Android Lost (Android).
  • Backup your data. It used to be that keeping a copy of all the phone numbers in your phone’s address book meant writing them out by hand. Not any more! Most smart phones come with software to back everything up to your computer. Some can even create an online backup automatically. If you lose your phone, there’s no reason you should lose your contacts too.
  • Consider security software. If you don’t have security software running on your PC (to check for viruses and spyware), stop what you’re doing and get some right now. It’s essential. And now the companies that make such software are starting to tell us we need it for our phones. Do you need it? Well, maybe. There’s a good article summarising the issues here, but if you want to be super-secure, definitely consider it.

One last tip? Be careful of how you use your smartphone in public. If you’re reviewing sensitive emails or tapping in your passcode, think about who around you can see what you’re doing. Often it’s the simplest things which catch us out.

Jonathan Edwards is MD and founder of Integral IT, a preferred IT support partner to many UK businesses. Jonathan has been working in the IT support industry since 1996 and is a Microsoft Certified Professional. He is actively involved with all aspects of client relationships and ensures Integral's IT support is of the highest quality possible.