Mobile Security: Tips for your users

Whenever I have worked on mobile phone projects, the issue of security always seems to become a topic of discussion both in regards to what people are willing to share on social networking sites, as well as their propensity to purchase or bank.

I remember how the comments made in a focus group by one lady, about the security of a mobile banking login, made one of the UK’s largest banks change their login process.

From a business perspective, banks in particular implement measures aimed at protecting their customers such as two-factor authentication when logging in, an Online Banking Guarantee, IP profiling and fraud monitoring service.

What banks cannot control however, is user behaviour and the risks they put themselves in especially when downloading potentially harmful apps to their phone. At present, fraudsters may not see this as a viable and effective channel to focus their efforts but it is predicted that due to the rapid expansion in mobile banking, mobile malware will become a huge security problem.

Trusteer have recently released figures predicting that within 12 to 24 months over 1 in 20 (5.6%) of all Android phone and iPads/iPhones could become infected by mobile malware.

Although some users are so concerned about security that they inhibit usage and behaviour, many others are either prepared to take a chance, simply don’t care or are surprised that there are any risks at all.

As no-one would knowingly jeopardise their security, this suggests there is a distinct lack of knowledge about how to keep safe when using secure mobile internet environments.

If you’re considering putting together security advice for your users, here’s my list of user-end appropriate tips.

• Make sure you keep both your phone and computer operating systems up to date.
• Don’t share your phone. If someone else has access to it, clear the browsing data, cache and cookies.
• Always password protect your phone.
• Keep your password(s) safe. Don’t share them or store them on the phone.
• If you think your password(s) have been compromised change them or contact the store/bank promptly.
• Avoid conducting purchasing or banking on your phone whilst connected to a public Wi-Fi network. When out and about use 3G as this offers a more secure type of connection.
• Ensure your home Wi-Fi is secure by using a password and enabling data encryption.
• Be aware of those shoulder surfers who may be watching you entering details on your phone.
• Always log out of any secure environment. Never leave your phone when logged in.
• Check if there are any anti-virus packages compatible with your phone. Be aware that current solutions may not be able to cope with scale of threat once malware fraud escalates as predicted.
• Be careful with the apps you download. Android users may be particularly at risk due to the generally unregulated Android Market so be very careful about what functionality and content you give permission for the app to access on your phone.
• Be careful if you decide to ‘jailbreak’ your iPhone/iPad in order to run apps not available on the app store. The Apple store offers strict control and regulation on apps offered there.

This is a pretty long list but I’m sure it’s not exhaustive so feel free to pitch any I’ve missed.

Further reading
Which weighs in on bank security
Two factor authentication

No comments yet.