It all starts with a new frontier. Then, the pioneers come to explore and exploit the frontier, followed by settlers moving in to claim the frontier as their own. That brings on the “wild west”—a period with few rules, and rampant lawlessness.
Mobile devices have reached the “wild west” stage. The frontier is there, and the developers and engineers--the pioneers--have stepped in to push the envelope and explore the new possibilities available with mobile devices. Smartphones and tablets have caught on with mainstream users--the settlers--but at this point there are few established or accepted rules. That creates a scenario ripe for exploitation by lawless hackers and malicious developers.
Set aside the melodramatic analogy for a minute. The underlying point is that average people are embracing mobile technology, but they’re ill-equipped for the potential risks. People who never figured out how to set the clock to get the VCR to stop flashing “12:00”--people like my grandmother--are storing sensitive personal information on smartphones and tablets without regard for securing or protecting it.
Attackers go where the potential victims are, and mobile devices are a fertile new hunting ground. Last year was a record-breaking year with more than 70 million new malware threats discovered, and 2012 is on pace to beat it. Mobile devices represent a lucrative, relatively unprotected market that attackers simply can’t ignore.
People generally understand online threats, and most people respect the established security practices for PCs. They know they’re supposed to lock down their PC with a strong password. They know they need to have antimalware protection (and keep it up to date). They know they shouldn’t open suspicious file attachments, or click on links from strangers.
For some reason, though, many people are not applying those lessons on mobile devices. News flash: a smartphone or tablet is just a smaller, more portable form of computing. The security rules are the same.
Start with the password (or PIN, or passcode). Your mobile device has some sort of security controls available to enable you to set a password. You’ll have to enter the password to access the device, and in many cases you’ll have to enter the password to make changes to the device or install new apps. That’s a good thing. The minor inconvenience to you will prevent a large percentage of potential security issues.
Next, you need to avoid mobile malware. One way to do so is to stay out of the dark alleys—in other words, stick with the apps from the official vendor-supported app store. Those are less likely to be malicious. For the apps you do download and install, pay attention, and don’t grant permission to apps that seem to require unusual access to your information.
Finally, use the same common sense on your mobile device that you’ve learned to apply on your PC. If you get a strange file attachment, or a spam text message with a link to click on, ignore them. Delete them. Walk away.
Mobile devices seem like a new frontier in many ways, but in other ways they’re not. They are simply an evolution of traditional PCs—smaller, more portable computing devices. If you use the same basic security practices on mobile devices that you have learned for your PC, mobile won’t be a “wild west” any more.