Ensuring Mobile Device Security

Ensuring Mobile Device Security

Quick Heal Technologies Private Limited

• App stores and mobile apps are the greatest hostile code and malware delivery mechanism ever created.

— Winn Schwartau, chairman of MobileActiveDefense.com

• For most enterprises and consumers today, mobile and cloud security are viewed in a pretty straightforward way — don't assume there is any.

— Russ Dietz, CTO of SafeNet

Introduction

What do we do with mobile devices?

Phone service and text messaging

Personal email

Scheduling appointments & reminders

Accessing social websites

Listening to music and watching videos

Playing online games

Online shopping, banking and bill paying

Document & other data storage

Information stored in mobile devices

Usernames

Contacts

Passwords

Cookies

Location data

UDID/IMEI, Device name, Network connection name

Personal information: DoB, address, social, credit card data, photographs etc.

Application data

Confidential and official documents

Transaction history

Number Crunching..

Mobile device explosion

There are officially more mobile devices than people in the world

And they’re multiplying five times faster than we are

December 2014

7.1 Billion

People

7.7 Billion

Mobile Devices

14.1 Lac Apps

on Google Play

1.4+ million apps available

75+ billion apps downloaded

Do you agree?

With the explosive growth of smartphones, tablets and other mobile devices, consumers must make

security of the mobile devices a priority & find means for securing their mobile devices seamlessly and

efficiently.

Risks associated with mobile devices

Portable data storage

Wireless connections

3rd party applications

Data integrity

Data availability

To ensure mobile device security

Ensure the security of the mobile device

Ensure the security of mobile data

Ensure the security of mobile applications

Threats To Mobile Devices

Quick Heal Technologies Private Limited

Threats to mobile devices

Mobile malware

Smartphones and tablets are susceptible to worms, viruses, Trojans and spyware similarly to desktops

Mobile malware can steal sensitive data, rack up long distance phone charges and

collect user data

Threats to mobile devices

Eavesdropping

Wireless networks have good link-level security but lack end-to-end upper-layer security

Data sent from the device to the outside world is often unencrypted

Intruders eavesdrop on user’s sensitive communications

Threats to mobile devices

Unauthorized access

Unauthorized access to mobile devices also means unauthorized access to emails, apps, social media profiles, multimedia files and more.

Threats to mobile devices

Theft and loss

Mobile devices are easily susceptible to loss or theft

Leaving your phone in a taxi or getting your phone stolen during a bus commute

Data stored in such devices is at risk

The data could be corporate mails, passwords, bank statements & other crucial information

Threats to mobile devices

Unlicensed and unmanaged applications

Even popular apps have vulnerabilities that are open for exploits

Needless to say, the security threats posed by unlicensed apps

Whether apps are licensed or not, they must be updated regularly to fix vulnerabilities that could be exploited to gain unauthorized access or steal data

Threats to mobile devices

Unlicensed and unmanaged applications

Access to confidential data

In-app ads get the same permissions

Malicious and suspicious app activity

System instability

Methods to handle mobile security

Authentication

Encryption

Filtering

Authentication

Authentication is the process of determining whether someone or something is, in fact, who or what it is declared to be

User authentication is usually handled with username & password combinations, biometric identifications, PINs etc.

Ultimate aim is to ensure device access to authentic users only

Authentication

Mobile devices by default are not password enabled

However, most of the devices have technical capability to support authentication - passwords, PINs, pattern screen locks, and biometric readers

It is up to the users to ensure these are enabled

Encryption

Encryption is the conversion of data into a form, called a ‘ciphertext’, that cannot be easily understood by unauthorized people

In simple words, encryption is the method of converting plain text to encoded text which is unreadable by intruders

Encryption

Encrypting mobile devices helps in securing data stored on a mobile device or transmitted from mobile devices

Most mobile devices have data encryption capabilities

Data encryption has little or no impact on the way users access the data

Encryption

Encryption limits the ability of intruders to obtain readable and reckonable data from the mobile device

Encryption also makes it difficult to generate important data for authentication

Filtering

Filtering is the process of removing threats arising due to web access, email and apps

Mobile devices by default do not have filtering capabilities

Web pages & email attachments are often used as carriers of viruses and malware attacks

Filtering can be done with the use of a mobile security software and it is not a default facility provided by mobile devices

Ensuring Mobile Device Security

Quick Heal Technologies Private Limited

To prevent damage from theft or loss

Set a PIN or password

Set to automatically lock screens

Backup your contact info

Install a security app

Turn on encryption

Turn on location settings

Enable remote wipe if available

Act immediately if lost - Report to the authorities

Ervins Strauhmanis / Foter / CC BY

https://www.flickr.com/photos/ervins_strauhmanis/14365412089/

Review application permissions

Take time to read the small print

• What information does the app require access to?

Encrypt your phone

Encrypt the device data to make it difficult for intruders to gain and understand sensitive information

Apps from unknown sources - Take a call

Apps from unknown sources are necessary sometimes

Mobile Device Management (MDM) - For enterprises

Mobile Device Management (MDM) apps allow enrollment of corporate devices over a seamless cloud-based solution for all mobile devices within the enterprise

Once a device is connected to the corporate network, an authorized administrator can manage and control the mobile fleet

MDM solutions secure, monitor and manage mobile devices within the enterprise

It also blocks phishing and malicious websites and filters web access

How can Quick Heal help?

Quick Heal Technologies Private Limited

How can Quick Heal help?

Quick Heal Khareedo Gaadi Jeeto Contest

Write to us at: corporatecommunications@quickheal.co.in Follow us on: Facebook - www.facebook.com/quickhealav Twitter - www.twitter.com/quickheal G+ - http://bit.ly/QuickHealGooglePlus YouTube - www.youtube.com/quickheal SlideShare - http://www.slideshare.net/QuickHealPPTs Visit us: Website - www.quickheal.com Official Blog - http://blogs.quickheal.com

Thank You!

• http://www.itsecuritywatch.com/mobile-security/10-great-quotes-about-mobile-security/?mode=featured

• http://www.independent.co.uk/life-style/gadgets-and-tech/news/there-are-officially-more-mobile-devices-than-people-in-the-world-9780518.html

• blogs.quickheal.com

References