Www.sophos.com/loveyourphone Mobile device security Practical advice on how to keep your mobile device and the data on it safe.

www.sophos.com/loveyourphone

Mobile device security

Practical advice on how to keep your mobile device and the data on it safe


Air, water, food… mobile devicesMobile devices are now an integral part of our lives


72%growth in worldwide

smartphone sales in 2010

400x• September 2009 - 0.02%• January 2011 - 8.09%

increase in UK web traffic from a mobile device31%

of US cell phone users own smartphones

mobile devices sold in 2010

1.6 billion

Huge growth in smartphone use


And they’re taking over from PCs

28%of tablet users use the device as their primary computer

of all UK website traffic (not just mobile)

4.5%iPhone traffic responsible for


“If a smartphone lives up to what it

should be then it is something, as

human beings, we will have an

emotional relationship with because

it's there all the time, it's our window

on the world, it's our mouthpiece, it's

everything we are and have. ‘My life

is in there’ you hear people scream.”

– Stephen Fry

My life is in there


So how did we get here?Mobile devices are developing quicker than ever before:

1st cell phone

call

1973

1st

person-to-person SMS

message

1993

1st internet use

on a cell phone

1999

1st

Windows tablet PC launched

2001

1st

BlackBerry launched

2002

1st iPhone

launched

2007

1st

Android OS

launched

2008

20between 1st cell phone call and 1st SMS

years 6between 1st SMS and 1st internet use on a cell phone

years 1yearbetween 1st iPhone and 1st Android OS


Blurring the home-work boundaries

• Accessing personal websites from work devices

• Reading work emails on personal devices

• Accessing corporate systems outside the office

Whoever owns the device, with smartphones and tablets the boundaries between personal and work use merge.


• Work from any location• Work at any time• Reduced operating costs• People prefer them

• Greater productivity• Greater flexibility• Increased response times• Happier staff

The benefits of mobile devices at work


Lost or stolen devices

Mobile malware (e.g. viruses)

Data loss

Financial theft

But it’s not all good news

Which in turn lead to:Mobile security risks include:


Mobile malware (e.g. viruses)

Data loss

Financial theft



Unattended device

Unauthorized access

Data theft


Mobile malware

• 2010: Google removed banking malware that had gathered information on more than 1m Android users

• 2011: Zeus malware for Android steals financial data

• But it will be come a major threat in the future.

Mobile malware (e.g. malicious apps, Trojans etc.) is still in its infancy. But it does exist and the focus is on data theft:


Data = £ $ € ¥Criminals can convert data to money in many different ways:

Bank detailsSteal money

Make fraudulent purchases

Sell to other criminals

Email addressesSell to spammers

Personal identitiesMake fraudulent purchases


Company dataBlackmail

Sell to other parties

Steal money



Sell to spammers



Blackmail

Sell to other parties


Your contacts?

Your work emails?

Your bank account?

Your online store accounts?

Your company’s data?

Your holiday plans?

Your photos?

Your contacts?

Your work emails?

Your bank account?

Your online store accounts?

Your company’s data?

Your holiday plans?

Your photos?

How secure are your devices?If your personal or work devices fell into the wrong hands, what could people access?


Widespread lack of awareness

89%unaware that smartphones can transmit confidential payment information such as credit card details without the user being prompted

65%worry more about security on their laptop or desktop PC than their mobile device

67%do not use keypad locks or passwords


How to secure your mobile... and your life

As a basic rule, consider your device like your computer


For individualsSecure your device

Always lock it

Apply a complex passcode

Shield your passcode

Apply the latest patches

Prevent malware infection

Don’t click on unsolicited links

Think before downloading apps

Be data aware

Be careful what you share

Encrypt sensitive data

Stay compliant

Always lock it

Apply a complex passcode

Shield your passcode

Apply the latest patches

Don’t click on unsolicited links

Think before downloading apps

Be careful what you share

Encrypt sensitive data

Know and follow your organization’s security policies

Don’t “jailbreak” or “root”Don’t “jailbreak” or “root”


For organizations

Define what’s OK: devices, OS, versions

Get visibility of connected devices and data usage

Secure the device: require passcodes, control apps, remote management

Secure email access

Create mobile security policy

Deal with lost or stolen phones

Enable the user to manage their own device

Define what’s OK: devices, OS, versions

Get visibility of connected devices and data usage

Secure the device: require passcodes, control apps, remote management

Secure email access

Create mobile security policy

Deal with lost or stolen phones

Enable the user to manage their own device


Near Field Contact (NFC)

The digital wallet

Augmented reality

Watch this space!

Near Field Contact (NFC)

The digital wallet

Augmented reality

Watch this space!

What’s next for mobile devices?



Www.sophos.com/loveyourphone Mobile device security Practical advice on how to keep your mobile device and the data on it safe.

Documents

work slide

work devices

smartphones mobile devices

benefits of mobile devices

stolen devices mobile

personal devices

financial data

root slide