Black EnterpriseInternet security » Black Enterprise

8 Ways to Protect Your Smartphone from Viruses

Marcia Wade Talbert — Tue, 07 Dec 2010 12:00:08 +0000

Threats to your mobile phone are growing. Smartphones are susceptible to viruses, malware, and spyware just like a computer. In fact, there are over 1,400 mobile malware signatures, according to Kaspersky Labs America, a security company that sells antivirus software for PCs, Macs, and smartphones that run Windows- and Symbian-based operating systems. Because Windows and Symbian are two of the most popular types of phones in the world they are more prone to viruses. But this summer, Kaspersky Labs, claims to have found the first Trojan virus that specifically targets Android phones. Apple claims that you can’t get a virus on their phones, but some purport otherwise.

Besides the danger of phone malfunction and failure due to bugs, attackers can also get access to the data on your phone, including your contacts, email, photos, and even your whereabouts. But all is not lost. Here are some things you can do to keep your phone safe from viruses and your personal information private.

ALSO READ: A Professional Hacker Tells You How to Protect Your PC

1. Avoid Jailbreaking or otherwise “rooting” your phone, says Tim Armstrong, virus analyst at Kaspersky Labs. Your smartphone becomes a bigger target for malicious agents when you “jail break” or hack into your phone so that you can download apps from other operating systems or switch mobile carriers.

2. Avoid opening email attachments on your phone. As with desktop malware, mobile attachments can contain malicious programs.

3. Avoid clicking on links in text messages. Text message spam can contain links to malicious websites.

4. When downloading applications be wary of the system resources that the application needs permission to access on your phone. If you are not familiar with the app don’t download it.

5. “Be extra careful of possible phishing sites while using your mobile browser,” says Armstrong. While browsing the internet, apply all of the same precautions to your phone as you would your desktop. When possible, enter the site address directly in the browser. If you click a link to a new page check the URL to make sure you weren’t redirected to an unknown site.

6. Turn your Bluetooth device off when you are not using it. Anyone with a Bluetooth-enabled phone can easily spy on your phone activity, from calls you make to the text messages you send. Also, do not accept Bluetooth messages from strange phone numbers.

7. Lock your phone, and enable remote wipe. “The most common problem affecting mobile users is the physical loss of their phone…from leaving it in the back of a cab to having it stolen,” says Armstrong. Wiping it will keep thieves from accessing any personal information on the phone. Also, make sure you back up the data on your phone.

8. Upload antivirus software. Many smartphones come with some form of antivirus protection, but it doesn’t hurt to get more. Companies like Kaspersky Labs, McAfee, and Lookout Mobile Security will provide you with extra protection along with other critical services.

For more information on cyber security read:

Five Steps to Better IT Security

Who’s in Your Wallet?

Tech Insider: Cloud Storage Keeps Your Data Safe and You Sane

Who’s in Your Wallet?

Bridget McCrea — Thu, 15 Apr 2010 10:05:44 +0000

Sites like Mint.com, Wesabe.com, and Buxfer.com tout their ability to let you handle everything from your bank accounts to your investments and your credit cards online. But is your data safe?
Log on to one of these sites and one of the first things you’ll have to do is pull together—and submit—all of the user names and passwords associated with those accounts.
As you hit “submit” to send that sensitive information into the ether, you’re bound to recall the many horror stories you’ve seen in the press about the dangers of revealing such information online. It’s a dilemma many consumers face in today’s increasingly digital world.
Money management sites require no software, and they’re free. In exchange for viewing a few of their partners’ ads, the services use the information you provide to scour through bank, brokerage, credit card, and mutual fund sites in search of your financial data. That information is then categorized and used to create a financial snapshot that includes everything from the $120 you spent on groceries to the $1,000 deposit you plunked down for your wedding dress.
In addition, the sites help you set goals (like putting a certain amount of money per month into savings) and manage your financial life without having to wade through paper statements and sticky notes. “These money management sites are growing in popularity as more consumers take hold of their finances and deal with money in this difficult economy,” says Carrie Coghill-Kuntz, director of consumer education for Norwalk, Connecticut-based FreeScore.com, a provider of consumer credit information. “They are particularly useful for the consumer who wants to do better budgeting and gain control of his or her finances without having to hire a financial planner.”
Despite their utility, the sites do raise concerns about security, warns Coghill-Kuntz. “The services themselves don’t guarantee anything in terms of your information being compromised. While your credit card company will deal with you to reverse any fraudulent charges that occur, the online money management sites work independently.”
Those independent sites are up front about what they do and don’t handle in terms of security. Wesabe’s Website, for example, offers several data upload options, ranging from fully automatic (where the site handles it all) to manual uploads (where you select what is uploaded). During the upload process, the site uses “industry-standard encryption, so none of the data is in a format that can be read by hackers.” In addition, accounts are stripped of personal identifiers like name and e-mail address.
At Mint.com, a money management site recently purchased by Intuit, founder Aaron Patzer says protecting sensitive data is a major concern. Currently vice president and general manager of Intuit’s personal finance group in Mountain View, California, Patzer says the site uses bank-level data security encryption (known as 128-bit SSL or secure sockets layer) when communicating with users’ Web browsers. “No one can intercept that information,” says Patzer, whose firm also has had security audits completed by Web security firms VeriSign Inc., TRUSTe, and MacAfee Secure.
Mint.com is also an anonymous, read-only system. So, while it knows your name, e-mail address, ZIP code, and site password, it doesn’t know your Social Security number. And when the site goes out to banks and credit card firms to fetch information, it does so in a “read-only” fashion that allows it to see the data but not change it. “Even if someone managed to get past our security and knew your password, they wouldn’t be able to drain any money out,” says Patzer, “or use your credit cards.”
Even with those assurances, you’ll want to take a few extra steps before handing over your information to an online money management site. Patzer says a good first step is to look for the “lock” in the lower right corner of your browser and an “https” domain name. These signify a secure site, says Patzer, who also advises users to install (or upgrade to) the latest virus protection software.
Coghill-Kuntz concurs, and says the underlying assumption should be that any and all information in cyberspace could potentially be compromised. Work only with reputable, experienced online money management services. Also be sure to review your individual accounts for irregularities at least once a week.
—Bridget McCrea

MasterCard Opens Online Store

Sheiresa Ngo — Wed, 14 Apr 2010 17:23:02 +0000

Do you like to shop online? If you do, one credit card company would be very happy to have your business—and they’ve developed a special place just for you. MasterCard opened an online shopping mall this week called MasterCard Marketplace. Shoppers can browse available items and access coupons, in-store events, and special discounts only available through the Marketplace. Items for sale through this new online mall include electronics, clothing, and jewelry.

This service is only available to MasterCard holders, who must enroll in the program to participate. It’s currently free of charge, although cardholders also have the option of upgrading to MasterCard Marketplace Plus for an annual fee of $29.95. MasterCard MarketPlace Plus gives cardholders access to deeper discounts (up to 20% to 50% off selected items) as well as free shipping and exclusive sales and promotions. Some of the retailers participating in MasterCard Marketplace are Land’s End, Target, and The Home Depot.

While using this online marketplace might be convenient, it does raise concerns regarding privacy. MasterCard has partnered with NextJump, a company that tracks consumer behavior and uses the information to assist retailers with personalizing the products they offer consumers. When you use MasterCard Marketplace, your shopping habits are tracked through features such as tracking cookies in order to monitor your activity on the Website. For example, if you buy a lot of shoes on this site, you’ll start to get offers and discounts from various shoe stores.

Furthermore, in order to access the daily offers, you’ll need to link your MasterCard credit, debit, or prepaid card to their Website. Unless you choose to opt out, NextJump collects and stores payment information, which includes your name, address, card number, security code, and expiration date.

While shopping from home can be easy and enjoyable, it’s important to make sure you stay safe while shopping online. Take extra precaution when signing up for services and alerts on Websites. Use these three tips to guide you.

Carefully read the privacy notice. Find out what information is being collected about you, how, and why.

Exercise your right to opt out. If you’re given the option to prevent personal information from being collected and stored, take it. If a retailer’s database is ever compromised, your stored information could be at risk.

Educate yourself. Learn how to stay safe online. Websites like OnguardOnline.gov and StaySafeOnline.org give tips on how to protect your personal information while on the Web.

Sheiresa Ngo is the consumer affairs editor at Black Enterprise.

Five Steps to Better IT Security

Bridget McCrea — Tue, 25 Nov 2008 17:50:25 +0000

When the Georgia Tech Information Security Center (GTISC) released its list of emerging cyber threats for 2009, the news wasn’t good for companies that use computers in the course of business. Sophistication of threats continues to rise, says the GTISC, as do the number of cyber criminals who are seeking not only data and information, but also profitability from their activities.

In its report, the GTISC outlines the top cyber security areas where threats are expected to increase and evolve in the next 12 months. At the top of the list is malware (a program or file that is designed to specifically damage or disrupt a system); followed by botnets (networks of “zombie” computers controlled by a single entity); and cyber warfare (including targets on the U.S. economy and infrastructure).

The bad news is that these cyber threats can hit companies of all sizes that do business online, whether they’re selling products and services, purchasing raw goods, banking on the Web, or all of the above. The good news is that there are steps that companies can take to ward off and/or minimize the damage inflicted by online crooks:

Evaluate Your Vulnerabilities
No matter how big or small your company is, know that there are indeed risks to doing business online. While a small accounting firm may not possess a huge database of customer credit card numbers, be assured that its IT system contains something of value to hackers. “Figure out what you need to protect,” advises Michelle Drolet, CEO at Towerwall, a Framingham, Mass.-based security consultancy. Key areas to consider include intellectual property, employee data and company financials – all of which could be of value to cyber-crooks looking to make money online.

Establish Best Practices
Once you’ve figured out what would be of most value to a criminal, you’ll want to use tools such as firewalls, software patch updates, employee education, and strong company policies to protect the data, information, and systems associated with those particular areas. For some companies, best practices could mean implementing a firewall, adding an intrusion detection system, and keeping both updated, while other firms may need a more sophisticated approach to IT security, Drolet says. As you establish these practices, realize that computer users tend to be the weakest link in any security program, with their propensity to open e-mail messages from unknown sources and utilize overly simple passwords. “Put together a user awareness program that takes into account not only the protection of company systems via frequent scans for malware and botnets, but that also addresses issues like document shredding and protection of customer data,” Drolet says.

Make Security a Priority
Yes, we know you have a 100 other things on your to-do list, but adding online security to that list is a must do for all companies right now, says Steve Hurst, product director for AT&T Managed Security Services in Bedminster, New Jersey. Start by viewing security not as an afterthought, but as part of your company’s overall business operations. Understand that threats can be both internal (employees leaving behind laptops on airline security belts, for example) and external (from outside hackers attempting to harvest valuable information). “By making security a company-wide initiative, Hurst says firms can lessen their security risks and save both time and money required to deal with such threats.

Put Someone in Charge
Smaller firms tend to spread responsibility for IT security around the entire organization, but Hurst says a better approach is to put someone in charge of the initiative. To create an even stronger fortress, he advises firms to assign a backup person to handle the initiative, just in case. By assigning responsibility to these reliable individuals, companies will have just a couple of go-to people to maintain a proactive stance against possible threats – and to deal with any that do affect the company. “The idea is to create layers between the users of the information and the information itself,” Hurst says.

Be Vigilant About Security
It’s not enough to just install a firewall and hope for the best anymore. Today’s sophisticated criminals can sniff out vulnerabilities like bloodhounds. “What’s safe today could turn into a target tomorrow,” says Drolet, who cautions firms against resting on their security laurels – even those that haven’t felt the impact of a security threat. “It’s all about vigilance in today’s IT environment, since you never really know where the next threat is going to come from.”

Web Resources:

Microsoft’s Small Business Security Guidance Center

NIST Computer Security Resource Center