4 Mobile Security Tips for SMB Employees

As of 2009, there are 27.5 million small to medium sized businesses in the United States, according to the U.S. Census Bureau. It’s safe to assume that number accounts for millions of employees who all have mobile phones.

According recent reports, more smartphones are sold today than PCs and more than 400 smartphones will be sold around the world by the end of this year alone. Mobile phone use is on the rise and as a result, so is mobile malware. In fact, other reports found that mobile malware threats increased by 46% last year with the  Android being the number one target of mobile hackers. The global security market is growing so fast, it’s predicted to reach $14.4 billion by 2017.

SMBs are no exception when it comes to being prime targets for malware, in fact they’re often malware’s favorite target because SMBs don’t usually have the means to protect themselves accurately from cyberattacks. They typically lack the resources and expertise to build secure systems to protect their data from online attacks, like large enterprises do. They also have a limited budget and few or no technical experts on staff.

With almost all SMB employees using mobile devices and with most of them syncing company information such as contact info and e-mail to their devices, the mobile phone has become an extension of the PC and thus, equally as vulnerable. That’s why Don DeBolt, Director of Threat Research for Total Defense, an Internet security company (previously part of CA Technologies) suggests the following few tips for SMBs and their employees in regards to mobile security.

SMB Employee Mobile Security Tips:

1. Set a Pass code: Use an access code/password/or pattern sequence to lock/unlock the device when it is not in use Note: The Android "pattern" lock option is more susceptible to being guessed according to research performed at Penn State University.  The researchers were able to follow the "smudges" on the screen to guess the sequence.  The preferred method is to set a pin number as the unlock code.  
2. Stay Away from Auto-Upload: Android 2.1+ devices with Google+ offer an "instant upload" option where photos and videos are immediately uploaded to Google's servers. Sometimes we may forget this feature is activated and upload information we might not necessarily want to or that might be safe. There are privacy and physical security concerns if every photo and every video is uploaded prior to review by the device owner.
3. Don’t Share your Location: Don't share "location" within GPS enabled apps unless absolutely necessary. The ability to know exactly where you are based on your phones physical location can be a significant privacy and physical security concern.
4. Stay Away from Public Wifi:  Don’t clear text data in public wifi hot-spots. It can become public domain. Firesheep demonstrates how easy it can be to capture a user's credentials on an open wifi connection and login as them with a simple "double-click."  If possible, avoid open wifi hot-spots altogether.