by Ondrej Krehel
There’s a host of articles online about how and why to secure your smartphone. And for good reason: The risks have never been higher. Potential threats range from simply losing a device loaded with your personal and sensitive information to sophisticated unauthorized dialing, SMS scams (smishing) and data leakage scams.
There are several mobile security applications, such as Lookout Mobile Security, for all major smartphone platforms. They’re well worth exploring. Yet there are two simple things you can do—one low-tech, one hi-tech—to up your security game.
Get out the pen and paper, or your word processor. Seriously. Make a physical list of everything on your smartphone—all the accounts and documents (or types of documents) it can access. Big corporations call this data classification. If you log into Gmail and Facebook and Twitter, write the names of those sites down. Online banking? Shopping? Put down the names of your banks and credit cards. In the event the phone is lost or stolen, this list will be a lifesaver. You’ll have a clear guide to all the passwords you need to change and a list of the documents that may be at risk.
[Related: Security Risks of Mobile Banking]
With that list stored in a safe place, you might want to take one extra step and delete all the login names and passwords stored in your phone. Yes, you’ll have to type your Facebook login and password every time you access it on your phone, but that extra four seconds could save hours of headache if the phone is compromised. If you can’t remember all your passwords, install KeePass, which stores them in an encrypted database.
The hi-tech solution is for a worst-case scenario: remote data wipe. This amounts to logging into a website that sends a signal remotely to your lost or stolen phone to erase its internal memory. Lookout, linked above, offers this option for free for Android, BlackBerry and Windows-based phones. Apple offers the service through MobileMe, but at the steep rate of $99 a year. Of course even this security layer has a weakness: The new “owner” of your phone can just pull the battery.
Is all this worth the trouble? Consider the list of accounts and documents stored on your phone. What would it cost to restore them, or even worse, what would the consequences be if a hacker or identity thief took them over.
Ondrej Krehel, Chief Information Security Officer, Identity Theft 911
Ondrej has more than a decade of network and computer security experience. His expertise extends to investigations of intellectual property theft, massive deletions, defragmentation, anti-money laundering and computer hacking. He led U.S. computer security projects at Stroz Friedberg and worked in IT security at Loews Corp.
Image by steefafa, via Flickr