10 ways to secure your smartphone

With smartphone ownership on the rise and users increasingly store important content on their phones, cybercriminals are more and more interested in these devices, which makes mobile security more pertinent than ever.

With the IT consumerization trend, there is a blurring of lines between personal and corporate devices, Myla Pilao, director of core technology marketing at Trend Micro's TrendLabs, told ZDNet Asia in an e-mail.

Citing research released last week by Ovum, she noted that Asia-Pacific mobile phone shipments is expected to hit 836 million by 2016. The market for smartphones will continue to grow and remain a key target of cybercriminals, Philippines-based Pilao added.

A Symantec report also revealed an increase of 42 percent in the number of new vulnerabilities detected in mobile operating systems. According to David Hall, Symantec's Asia-Pacific consumer product marketing manager, they jumped from 115 in 2009 to 163 in 2010.

In an e-mail, Hall noted that smartphones have paved the way for a single communications device, adding that people forget that they are susceptible to hacks and data leakages.

"We can anticipate that these earlier threats will continue to evolve," he said. "While these threats are limited and not likely to make significant inroads right away, their impact is likely to increase in the near future."

That said, there are ways for smartphone owners to minimize impact from data loss when their handsets are lost or stolen. ZDNet Asia uncovers from insiders in the IT security industry 10 measures users can take to secure their smartphones.

1. Set passwords
A simple password protection using a strong password or PIN makes it difficult for thieves to gain access, Hall of Symantec said.

Paul Ducklin, Asia-Pacific head of technology at Sophos, highlighted that a recent survey found that 22 percent of users had lost their mobile device in the past 12 months, of which nearly 70 percent of the phones were completely open to the person who found or stole them. The finder of a lost smartphone would be able to make calls, read e-mail, access private photos and even access online services, he explained in an e-mail.

"That's unacceptable in the modern Internet-connected world. Being slack about your own security actually affects other people," Ducklin said.

The security expert added that the main reason people don't protect their phones even with an elementary passcode is because they find it a hassle."They don't want the inconvenience of having to type in four extra digits before they make a phone call, or send an SMS, or indulge their Twitter addiction."

But Trend Micro's Pilao advised that even though typing in a password is time-consuming and tedious, this step ensures data is safe when the phone is physically lost. Passwords were after all created for a reason--to deter cybercriminals from accessing your data, she said.

2. Utilize all security features
People often forget to use the features in the smartphones that are already available at their disposal, Pilao said, and that a simple change in the settings is all it takes to add that level of security and safeguard privacy.

Most smartphones come with a phone lock option to enhance privacy, Pilao said, yet people do not use this feature and leave their phones unlocked and unsecured.

Smartphones that are equipped with a fingerprint lock option, such as the Motorola Atrix which has a biometric fingerprint reader, ought to be employed, Pilao added. "Currently, this is the safest option as it ensures that you are the only one who can access the information stored in your smartphone," she explained.

3. Download apps from reputable sources and update regularly
When downloading apps, users often unknowingly allow malware to be installed in their phones without even knowing how or why, Pilao noted.

Hall cautioned that users have to be wary of applications that do not cost anything. "Consumers sometimes forget to question the authenticity of free applications and downloading such applications can put them at risk of being attacked by criminals."

Only apps from reliable sources should be installed, such as official stores and developers, advised Luis Corrons, technical director at Panda Security's PandaLabs.

The Spain-based expert noted that there have been a number of cases this year whereby cybercriminals have taken legal, non-malicious apps, added malicious items and uploaded them to the Android Market as a free offering. This resulted in thousands of downloads and infections, he said.

Users should also ensure that they regularly update their apps to patch them as soon as a new security patch becomes available, Hall added.

Concurring, Corrons warned: "Many attacks use known security vulnerabilities which are already fixed, but many users don't regularly update and they get infected this way."

4. Disable Wi-Fi auto-connect option
With the promise of ubiquitous Internet, mobile phone users may have a tendency to enable their devices to automatically connect to Wi-Fi networks. Pilao pointed out that cybercriminals may take advantage of this by setting up phony Wi-Fi networks in popular areas to attract unsuspecting users and hijack their personal information.

Hall agreed, adding that often, consumers will use any wireless connection available without checking if they are secure.

Elaborating, Pilao said connecting to an open network may be easy, free and convenient but the process is risky. There is the potential for intrusion and identity theft because the information stored in the smartphone transits freely to the wireless router or access point and vice versa.

"Anyone on the same network can access your information," she said. "Turning the automatic wireless connection off is thus another mean to keep mobile threats at bay."

5. Consider a mobile security app
According to the Trend Micro spokesperson, being cautious about downloading and installing apps "just isn't enough because cybercriminals will never tire of coming up with ingenious ways to trick you into giving out personal information".

To that end, Pilao urged smartphone owners to use an effective security solution as it is still their "best bet".

Trend Micro's Mobile Security protects digital files stored on phones and secure mobile banking transactions, Pilao said, and identifies and stops malware before they infect devices and reduce vulnerabilities.

Android users can also protect their phones with Symantec's Norton Mobile Security, which upgrades that control over Android devices with antitheft, antimalware and call or SMS blocking capabilities, Hall said.

6. Use a SIM code
Sophos' Ducklin advised users to add a SIM (subscriber identity module) card code, which is only required when phones are rebooted. However, he noted that many users seem to think that a device password also protects their SIM so they don't bother to set a SIM-specific code, he said.

"SIMs are intended to allow you to plug your phone's identity into any other device, which is what a crook will do if their goal is to make free calls on your account," he explained.

Ducklin warned that if someone steals a user's SIM overseas and roaming is enabled, calls made by them will be extremely expensive and could quickly "cost thousands of dollars".

7. Sync phone for backup
Users should use syncing software to backup their digital data and secure crucial data on their computers, so nothing will not be lost should the mobile device be misplaced, said Symantec's Hall.

"Smartphones contain so much personal information that backing up should be standard practice," Hall noted. "Consumers often become complacent and forget to backup their data by syncing with another computer at regular intervals."

This makes it even more difficult to recover from loss of their device, he said.

8. Reduce location-sharing
Checking in and GPS capabilities on smartphones have opened up a "whole new world" of staying in touch with family and friends, Hall added, but these sharing come at a cost to personal privacy.

"Users should ensure they understand the privacy settings of location-aware applications and set them to a level that is suitable for them," Hall said.

Pilao added that users should keep their smartphones safe by properly configuring location and security settings. "Do not disclose your location so easily to strangers," she said. "Keep location broad instead of being specific."

9. Check before clicking links
Like computers, smartphones require certain levels of permissions especially when visiting Web sites they are not familiar with, Pilao noted, adding that users should still be wary of what they click.

"Many people make the mistake of clicking on links without checking their authenticity, especially URLS received via social media channels," she said. "Many links could potentially be malicious when executed without permission."

10. Understand permissions
Users should also be cautious when accepting requests for personal and device information, or when they come across other actions that aren't necessary for a certain app to work, Pilao warned.

"Giving your permission allows cybercriminals to use them as a backdoor program," she warned. "Cybercriminals can gather and send device information to a remote URL, or perform other functions without your authorization."