As we move more of our work and personal lives digital and carry all of it in our pockets, the struggle to secure your smartphone can often feel daunting and confusing. If you follow a few simple steps, you can protect yourself from the vast majority of threats that exist—both physical and digital.
Here are seven easy ways to secure your smartphone, plus a few special considerations for enterprise IT folks.
- Disk Encryption
In the event that your device is lost or stolen, encrypting your device prevents malicious actors from getting your private information. If you use an iOS device, automatically encrypt your phone by setting up a PIN or passcode. If you use an Android device, head into your settings pane and set up full disk encryption. Android links a password or passcode to the encryption scheme, so even if someone were to copy your data, it would be useless.
- Automatic Updates
Apps make it easy to get work done, keep up with friends and play games on the go. Unfortunately, sometimes these apps leak information or expose vulnerabilities. Set your phone to auto-install new app updates to avoid security risks. An added benefit is that oftentimes these updates include speed improvements and new features.
- Up-To-Date Operating System (OS)
Apple and Google constantly make improvements to iOS and Android. Throughout the year, both release new OS versions. Download these updates as soon as available to take advantage of new security improvements, which often reduce the threat surface for attackers and remove known vulnerabilities.
- Screen Lock
Physical security is just as important as good digital hygiene. Since most devices today include biometric capabilities, like TouchID or other fingerprint readers, the pain of constantly entering your device password is gone. Set your screen to lock with the minimum amount of time available on your device—oftentimes 30 seconds. This will prevent someone from grabbing your phone and accessing your data if you step away from your device.
Some dubious websites provide guidance on how to root (Android) or jailbreak (iOS) your device. This allows you to customize your device more than the manufacturer intended. While this might seem nice at first, this compromises the entire security model of the phone and exposes you to malicious actors and security vulnerabilities. By rooting or jailbreaking your device, you could give someone complete control and access to your data without even knowing it. Avoid jailbreaking or rooting your device.
- Malicious Profiles
Configuration profiles allow your corporate IT department or school to make it easier to access specific resources, like email on your smartphone. Sometimes, nefarious websites attempt to install a profile without you knowing. Questionable websites claim to offer free access to apps, games, movies or other content in order to get you to install a configuration profile on your device. These malicious profiles can give full access to your device and web traffic. Avoid installing configuration profiles that do not come from your corporate IT department or school.
- Avoid Insecure Public Wi-Fi
Using public Wi-Fi is a great way to get mobile access to the web and email without using your data plan. Unfortunately, malicious actors can snoop on this traffic from your mobile device. To prevent this, avoid using unknown public Wi-Fi when possible or use a free solution like Opera VPN. Opera VPN and similar apps are available in app stores and encrypt traffic moving from your mobile device. This means no one can snoop.
Special Considerations for Enterprise IT Administrators
If your organization runs a bring-your-own-device (BYOD) program or provides corporate-owned devices to employees, or if you are responsible for managing these devices within your organization, take note of some ways you can ensure security for your organization and employees:
- Use a product purpose-built for managing mobile devices.
VMware AirWatch is a unified endpoint management (UEM) platform that allows your corporate IT department to manage iOS, Windows, Mac, Android and other devices in a single solution. AirWatch provides all of the tools IT needs to create and manage a mobility program:
- Configure policies including app blacklists, Wi-Fi security, TLS enforcement and more.
- Enforce a device-level passcode with complexity and history requirements.
- Revoke access to company apps and data automatically if compliance policies are violated.
- Enable device-level encryption, data encryption and hardware security policies.
- Enforce containerization of business apps and data using native OS controls.
- Monitor for malware threats or jailbroken devices and automatically remediate with a remote lock, device wipe or customizable device quarantine controls.
- Use an identity and access management solution with single sign-on (SSO) capabilities.
Reduce password pain for end users and strengthen your organization's security posture with an integrated identity and access management solution. VMware Workspace ONE combines identity and access management with UEM. This powerful combination eliminates the need for complex passwords with single sign-on (SSO), a unified app catalog and endpoint management powered by AirWatch.
This article originally appeared on the AirWatch blog.
For more than a year, the intense debate surrounding data access and control has raged on. After the San Bernardino massacre in December 2015, Apple and the FBI feuded about access to data on the iPhone 5C used by one of the attackers. Several other court cases touched on the subject of digital privacy throughout last year, including one we covered in our blog in December 2016 in which the Florida Court of Appeals bucked the trend of siding on behalf of protecting users by ruling that the government can force an iPhone user to release the passcode to unlock his/her phone. This week, privacy proponents have been dealt another blow.
On Friday, Feb. 4, a U.S. magistrate ruled against Google, ordering the tech giant to cooperate with FBI search warrants demanding access to user emails stored on servers outside of the United States. Given a recent ruling in favor of Microsoft in a similar case, the battle is likely far from over.
U.S. Magistrate Judge Thomas Rueter in Philadelphia ruled on Friday that transferring emails from a foreign server so FBI agents could review them locally as part of a domestic fraud probe did not qualify as a seizure.
The judge said this was because there was “no meaningful interference” with the account holder’s “possessory interest” in the data sought.
“Though the retrieval of the electronic data by Google from its multiple data centers abroad has the potential for an invasion of privacy, the actual infringement of privacy occurs at the time of disclosure in the United States,” Rueter wrote.
Google and others had been hoping that the Microsoft ruling would create some legal guidance for similar cases, as the laws on the books pertaining to such issues, including the Stored Communications Act of 1986, are outdated and insufficient. As abstract property in the form of data continues to be a bone of contention, intervention by Congress or the Supreme Court may be necessary to help put an end to the data access debate. In fact, Judge Susan L. Carney who presided over the Microsoft case highlighted this in her ruling:
“We recognize at the same time that in many ways the [Stored Communications Act] has been left behind by technology. It is overdue for a congressional revision that would continue to protect privacy but would more effectively balance concerns of international comity with law enforcement needs and service provider obligations in the global context in which this case arose.”
In the meantime, companies are encouraged to take steps to protect the data on company-owned and BYOD devices through enterprise mobility management to help avoid unnecessary conflict that continues to surround this critical issue. Contact our team for help determining the right solution for your organization.
After thorough research performed by our mobile threat prevention (MTP) partner, Check Point, a new and alarming type of malware campaign has been identified. Known as Gooligan, this malware is used to generate ad revenue on the Android platform. Check Point noted that as of the end of November, Gooligan had breached the security of more than one million Google accounts, with an additional 13,000 devices being impacted each day.
Back in March, we shared an introduction to Google’s new Android-based initiative called Android for Work. Given high consumer demand for Android-based devices, Google had hoped to infiltrate the workplace with this system that promised increased mobile device productivity without sacrificing data security in the process. Recently, Google announced a new set of plans for wooing additional enterprise customers to this platform that has some businesses taking note.
Recently, Google revealed its new Android-based initiative called Android for Work. With the vast majority of mobile devices purchased by consumers today being Android-based, this system has great potential for increasing business-related productivity on smartphones and tablets brought to the workplace, while keeping devices and data secure in the process. This system is launching with the support of our EMM partners AirWatch, MaaS360 and MobileIron along with storage partner Box. You’ll see more information regarding each of their initiatives in this space soon.
Android for Work consists primarily of four key technology components: Google Play for Work, the Android for Work app, Work profiles, and built-in productivity tools of all kinds. Our EMM partners mentioned above will leverage these components in various ways. For now, we’ve summarized these components below.
Google Play for Work
This workplace apps hub allows businesses to deploy apps to those running Android for Work on their mobile devices, and ensures that IT has control of exactly what apps are deployed to the devices.
With Android 5.0 Lollipop, Google is able to allow you to have a dedicated work profile that exists inside your phone — separate from your everyday personal profile. This Work Profile can contain IT-deployed, work-approved apps that are secure and private. This allows information stored inside these apps to stay separate from the user’s personal information and app profiles.
Android for Work App
This app has been created for Android devices not capable of running Android 5.0 Lollipop. It works on Android devices running Android 4.0 Ice Cream Sandwich through Android 4.4 KitKat. With this app, non-Lollipop devices can be managed by IT to provide secure email, calendar, contacts and documents, and access to approved work apps.
Built-in productivity tools
Google has created a suite of business apps for email, contacts and calendar, which supports both Exchange and Notes and provides document editing capabilities for documents, spreadsheets and presentations. These were each designed uniquely for the Android for Work ecosystem.
There is no doubt that Google is serious about making Android a key player in the workplace in an attempt to match its dominance in the consumer space. As more BYOD initiatives are leveraged in the workplace, and they will be … it is a matter of time, it makes sense that the owner of the #1 selling mobile device OS, Android, intends to take on Apple and Microsoft head on.
By MICHAEL CALORE from Wired
But despite arriving on April 1, 2004, its webmail service was no joke. Google’s simple, browser-based inbox helped seed several ideas that have become so commonplace over the intervening decade, they practically define modern computing as we know it.
Gmail debuted as an invitation-only product, forcing us to beg friends with newly minted gmail.com addresses for precious invites. And once we were in, we experienced something miraculous — a spam-free inbox with a killer integrated search tool and a gigabyte of gratis storage.
We already had webmail, but it was viewed mostly as a convenience to be used while on the road since we could access it from any computer. It wasn’t enjoyable. Web inboxes were slow and cumbersome, messy with checkboxes and radio buttons, and often so riddled with spam they had to be emptied frequently lest they reach capacity.
Gmail changed all that. It was fast and elegant. There was so much storage, you never had to delete anything. In fact, you couldn’t. There wasn’t even a Delete button! And you didn’t miss the Delete button, because the inbox was almost entirely spam-free.
Gmail took Ajax mainstream. It gave webmail a slick snappiness more akin to a desktop application, and it left clunky old Hotmail in the dust. New messages just appeared, chat windows popped up instantly — all without a browser refresh. Today, we all expect websites to behave like real applications.
Another concept made familiar by Gmail: trading privacy for services. Skeptics objected to Google machine-reading our emails to improve its ad-targeting science, but the rest of us didn’t care. After all, Gmail did so much, and it didn’t cost a dime.
When the service finally went no-invites-required in February 2007 and opened to everyone, its user base quickly ballooned to tens of millions. Today, it’s around half a billion. The service has also grown into a full-fledged platform. There’s a contact manager and fully integrated text, video and SMS chat. Users can plug in widgets that help manage tasks, set reminders or just show pictures of their kids. Google has built up an entire suite of office applications that run in the browser, and Gmail is the hub.
And that brings us to the final big idea that Gmail popularized: cloud-based services.
Yes, cloud computing has always been a thing. The idea of storing data on a server and accessing it over the internet is older than your first SCSI drive, and it wasn’t until recently that it acquired a fancy new buzzword. But Gmail put all the key concepts of cloud computing — a service delivered over the network, flexible mass storage, instant access from anywhere — into a consumer product that ran inside the web browser and behaved like a regular computer program. The idea that you could run Gmail at your desk at work, then go home and launch it on your desktop using a different browser, even a different operating system, and have it look and behave exactly the same way in both places was a totally new concept to almost everyone who used it. No special software was required. You never had to worry about storage. It was always there. And there were no messy connections, just a simple password login.
Today, all of these concepts — web applications, machine-targeted ads, cloud storage — are commonplace. Gmail was the arbiter. It may not have exactly lowered the heavens upon its arrival, but it certainly ushered in the web’s common era.