Mobile communications is on the rise, and so is concern for cyber security. The problem is, securing digital assets and sensitive data in mobile devices is getting more complicated. And to further complicate the problem, most users of mobile personal devices that don’t have a Cyber Security degree are not even aware of how vulnerable they are to data breaches.
Here are some of the top mobile security and privacy concerns to watch.
Lack of Secure Passwords or PIN
It’s no secret that majority—the “non-techie” ones—still don’t use passwords. While most mobile devices support passwords, personal identification numbers (PIN), and pattern screen locks, many users fail at using even this most basic security process. What’s more, those who do use them often choose easy-to-guess passwords and PINS. This is why information on stolen or lost phones can be easily accessed and misused.
Many cloud-based services such as Dropbox, Google, and Facebook, as well as banks support two-factor authentication. This is usually considered more secure than traditional passwords and PINs. Using such scheme, mobile devices can generate codes and send it via SMS to the phone. The problem, again, is with users who don’t make use of the technology to secure sensitive mobile data.
Unencrypted Wireless Transmissions
Information such as emails and browsing activity is not usually encrypted. In fact, many mobile applications and cloud services don’t encrypt the data they transmit and receive wirelessly. This causes data to be illegally intercepted.
Just recently, Wall Street Journal revealed that more and more tech companies are pushing to encrypt more data amid revelations of the NSA leak. Google, Microsoft and Yahoo already support a simple encryption feature called Transport Layer Security (TLS) but only for their own corporate email. Google’s Gmail does encrypt email transport for their customers. The problem is you need both sides of the email transaction to support encryption. So when a Gmail user emails a Yahoo Mail user, such communication can still be intercepted.
Vulnerable Mobile Operating Systems
It usually take weeks or months for security fixes to be delivered on mobile devices. Google, for instance, takes time in developing or patching security vulnerabilities in Android. This is especially true in cases of proprietary modifications. Carriers may need more time to test a vulnerability fix and check if it interferes with the device or existing software. Such delay only increases security risk.
What’s more, mobile devices older than two years may no longer support new software. Manufacturers, in fact, may stop supporting tablets, smartphones and other mobile devices 12 to 18 months after their release. Users stuck with an out-of-date software are more exposed to security vulnerabilities.
Risky Mobile Apps and Lax Application Review Process
Mobile users tend to rely on apps for almost everything. There’s an app for storing and syncing files of work-related documents, an app for storing sensitive images and more. Just name it and virtually all app store or marketplace has it.
To make it worse, users also tend to download apps on impulse. Most apps are free and a single tap can expose these users to danger. What’s more, our increasing reliance on mobile or cloud-based apps means that no IT department, not even bosses, can dictate which app to download or not.
Cyber security isn’t just about technology. It’s also about people. In the case of mobile security, mobile users seem to be the weakest point. But mobile users or people in general, are also key to securing the mobile technology. Educating users on cyber security threats would be a good start.