Top 10 Smartphone Security Tips

by Joseph Moran

Your smartphone is full of business and personal data, and you need to protect it. These 10 tips will help secure Android, BlackBerry, iPhone or Windows Phone 7 smartphones.

Working at Home

Do you ever give much thought to smartphone security? The smartphone is quickly eclipsing the PC for many common small business tasks that need to be accomplished on the road, such as email, social networking, Web browsing, editing or creating documents.

But smartphones' growing popularity also increases their vulnerability; not only because smartphones are small and easily to lose, but also because they present a big target for same kinds of security threats that plague PCs -- viruses and other malware.

A recent smartphone security study by the Ponemon institute -- commissioned by security software vendor AVG -- found that 84 percent of respondents use the same smartphone for both business and personal use. This gives you a sense of the amount and kind of data a typical smartphone can contain, and why it needs to be protected.

Fortunately, there are steps you can take to keep your smartphone data safe. Read on for 10 smart ways to improve your Android, BlackBerry, iPhone or Windows Phone 7 smartphone security.

1. Screen Lock Your Phone

If you leave your smartphone unattended for a while -- or worse, if it's lost or stolen (more on that later) -- you don't want to make it easy for a passerby to rifle through its contents. Setting your smartphone to require a PIN code or password for access after an inactive period is a relatively easy way to thwart this kind of opportunistic unauthorized access. AVG's survey indicates that fewer than half of smartphone owners use this kind of lock on their phones.

How to screen lock your smartphone:

Note: the device-specific steps listed in this article may vary somewhat depending on the OS version you have.

Android: Go to Settings > Location & security > Set up screen lock. The timeout delay is configured separately, under Settings > Display. Android also offers a connect-the-dots swipe pattern you can use in lieu of a PIN or password, but it might leave telltale smudges on your screen.

BlackBerry: Go to Options > Security Options > General Settings >Password

iPhone: Go to Settings > General > Passcode lock

Windows Phone 7: Go to Settings > Lock & Wallpaper.

2. Enable Remote Locate, Lock and Wipe

Can't find your phone? You may have simply misplaced it somewhere around the office, or inadvertently left it at your last meeting. Then again, maybe someone nicked it when you weren't looking. In this situation, software -- or a service -- with the capability to remotely locate, lock, and wipe your phone might help you retrieve it. Barring that, you'll have peace of mind knowing that even though someone's got his mitts on your phone, your data can still be protected.

Remote location (which works primarily through GPS) has limitations: it won't tell you that your phone can be found in the 3rd floor bathroom of 123 Main St, but it will provide an approximate location that should be enough to let you determine whether or not the phone is somewhere you've recently been.

Especially if you determine that your phone has been pinched, you'll appreciate the capability to lock it with a PIN or password (even if you hadn't previously enabled the aforementioned lock feature), and you'll typically have the option to display a customized on-screen message (e.g. with return/reward info). If you determine that reuniting with your phone isn't in the cards, you can wipe its data clean with a remote command.

How to remote locate, lock and wipe your smartphone:

Android: No built-in remote locate-and-lock feature here, but there several apps can do the job, such as Where's my Droid.

BlackBerry: Download RIM's free BlackBerry Protect from the app store.

iPhone: If you have an iPhone 4 (with iOS 4.2 or later), you can take advantage of Find my iPhone feature offered free through Apple's MobileMe service. (Here are the setup instructions). If you own a third-gen iPhone, you'll need a paid MobileMe subscription ($99 a year) to use Find my iPhone.

Windows 7: Go to Settings > Find my phone to turn on the remote locate/lock/wipe feature, and then head over to windowsphone.live.com.

3. Backup or Sync Your Data Frequently

We hope you never find yourself missing a smartphone or having to issue a remote data self-destruct, but if you do, you'll want to be sure your phone's data exists somewhere else. The same is true in the event your device becomes incapacitated due to physical damage or some other malfunction. Whatever the case, having a backup of your data is critical.

Depending on the smartphone, you may have the option to make a comprehensive backup of your device to a computer, or at least maintain a redundant copy of the most critical data and settings by syncing with online storage (a.k.a "the cloud) -- either via a vendor-provided service or a third-party app. (You can't generally backup the complete contents of your smartphone online due to bandwidth and storage limitations.)

How to backup or sync your smartphone data:

Android: There's currently no option for a soup-to-nuts backup, but Android smartphones running version 2.2 and above have the capability to back up device settings and application data to Google servers. (Third-party app data may or may not be included in the backup, depending on whether or not the developer takes advantage of the feature.

Android's backup option should be on by default, but you can check by going to Settings > Privacy > Back up my data. In addition, the nature of Google's services means that most of the ones you use on an Android device, e.g. Gmail, Contacts, Calendar, etc., are automatically kept in sync for you.

BlackBerry: You can backup a BlackBerry device from the BlackBerry Desktop software. The BlackBerry Protect app/service provides online backup of device settings along with bookmarks, calendar, contacts and text messages.

iPhone: iTunes creates a backup each time you plug in your iPhone to sync content. If you're willing to ante up MobileMe's $99 annual price tag (no free ride for iPhone 4 owners here, though there is a 60-day trial), the service will syncs key data both with online storage and with any Mac and/or PC you choose.

Windows Phone 7: As of this writing, Windows Phone 7 doesn't offer a way to do a phone backup via the companion Zune desktop software (though this is reportedly coming soon), but it does let you sync certain data and file types with a Windows Live account.

(Third-party backup apps available for some of the platforms often provide additional features, such as the capability to back up text messages or call histories.)

4. Apply Operating System Updates

From time-to-time, your smartphone OS vendor, hardware manufacturer or mobile carrier will make operating system updates available for your device. Although these updates are usually promoted as providing new feature x or y that you may or may not be interested in, they typically carry security-related improvements as well, so it's a good idea to apply updates regularly.

How to apply operating system updates:

Android: Go to Settings > About phone > System updates. If one is available, you'll have the opportunity to download it OTA (over-the-air).

BlackBerry: Connect your device to your computer, then visit the BlackBerry Update page and click on the Check for Updates button.

iPhone: Connect to your computer and run iTunes, which will notify you whether an update is available.

Windows Phone 7: Your phone should notify you when an update is available, though to install it you'll need to connect to your PC running the Zune software.

5. Turn Off Bluetooth Discovery Mode

People often leave a smartphone's Bluetooth discovery mode turned on at all times (sometimes it's on by default), but you should disable discovery when you're not trying to pair a device. Failure to do so will continuously advertise your phone's existence to other Bluetooth-equipped devices nearby (albeit within Bluetooth's limited range of about 30 feet), which can result in an unauthorized connection to the phone.

In fact, according to AVG's survey, a paltry 10 percent of smartphone owners turn off their mobile device's Bluetooth discovery feature when it's not in use.

How to turn off Bluetooth discovery mode:

Android: Go to Settings > Wireless and networks > Bluetooth settings > Discoverable, and make sure it's not checked.

BlackBerry: Go to Options > Bluetooth, then click the BlackBerry logo (Menu) button. Choose Options, set Discoverable to No, press the BlackBerry logo button again, and then choose Save.

iPhone: You can't explicitly turn off the Bluetooth discovery, but the iPhone is only discoverable when you're on the Bluetooth settings page – Settings >General > Bluetooth.

Windows Phone 7: As with the iPhone, Windows Phone 7 devices are only discoverable when you're on the Bluetooth settings page at Settings > Bluetooth.

6. Keep Your Phone 'In Jail'

This one's pretty simple. It's tempting to "jailbreak" or "root" your smartphone to access hidden features and unofficial apps. But if you're concerned about security, don't do it. This can circumvent many of the safeguards built into the smartphone's operating system, opening avenues of vulnerability that may not be readily apparent.

7. Avoid Wi-Fi Hotspots

Think twice before connecting your smartphone to a public Wi-Fi hotspot, because just as with your PC, this kind of shared, unsecured connection can leave your activity and data vulnerable to eavesdropping and theft.

Note: If you want to connect your smartphone to a corporate network securely (rather than simply to the Internet), you can do so with a VPN if your corporate network is so equipped. If it is, you'll need specific information from your IT department in order to configure the connection on your phone.

How to find VPN settings:

Android: You'll find VPN settings under Settings > Wireless and networks > VPN settings.

BlackBerry (Wi-Fi enabled): Go to Options > Security Options > VPN.

iPhone: Go to Settings > General > Network > VPN.

Windows Phone 7: Doesn't currently support VPN connections.

8. Mind Your Mobile Apps

With such a wide selection of smartphone apps available -- most of them free or low-cost -- it's tempting to load up on anything and everything that catches your fancy. That's not a good idea, because you can't really be sure what an app is going to do once it's on your phone.

For example, malware-laden apps were recently discovered (and removed) from the Android app marketplace, and federal prosecutors recently began investigating whether numerous app makers are, in violation of privacy laws, collecting and transmitting personal data (often to advertising networks) without users' knowledge or content.

There's not too much you can do to protect yourself from unseen app behavior, other than to keep the number of apps to a minimum, and if possible, use an anti-virus app, which brings us to our next tip.

9. Use Anti-virus Software

As we mentioned earlier, the proliferation of smartphone has not gone unnoticed by malware purveyors, who are increasingly targeting the devices for attack. You probably wouldn't dream of using a PC without anti-virus protection, and in a world where every app, Web link, or email you access with your smartphone can potentially harbor something malicious, it's a good idea to use anti-virus software there as well.

Unfortunately, it's not as simple as that, because anti-virus software isn't available on every smartphone platform. Anti-virus apps are notably absent on iPhone and Windows Phone 7 devices, for example, presumably based on the idea that Microsoft's and Apple's tight control over their respective operating systems and app stores obviates the need for protection.

While this does reduce the risk, it certainly doesn't eliminate it. Consolation prize for iPhone users: you can download Trend Micro's Smart Surfing, which checks the websites you visit against a database of those known to contain malicious content.

The open nature of the Android platform (apps aren't as closely vetted as on say, the iPhone) makes it particularly susceptible to malware, but fortunately there are many protection options available, such as the free AVG Mobilation Anti-Virus, which scans websites, email, text messages, files and apps and offers a remote location lock-and-wipe feature to boot. (A $10 Pro version eliminates ads and provides technical support.)

Another good (and free) option for Android devices is Lookout Mobile Security, though you need to ante up for a paid Premium subscription $3/mo or $30/year) for certain features, such as the ability to remotely lock and wipe.

Lookout is also available for BlackBerry devices (sans Premium option) and BlackBerry users can try a handful of other anti-virus options.

10. Beware of Text Message Spam

Text messages seem innocuous enough, but just like a Web page or an email, they can be used for mischief. Especially if you don't/can't use smartphone anti-virus protection, never respond to or follow any links in a text sent by an unknown party. You could find yourself with unwanted software on your phone or unexplained charges on your bill.

Joseph Moran is a longtime technology writer and co-author of Getting StartED with Windows 7 from Friends of Ed.

Small Business Computing is on Facebook. Join us on Facebook and interact with the site's editors, post messages, share your small business challenges and successes, discuss technology and suggest topics you'd like covered on Small Business Computing.

Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!
This article was originally published on Tuesday Apr 19th 2011
Mobile Site | Full Site