Norton by Symantec issues security advice following the results from a recent survey.
Many people use their personal smartphones for business, which makes the findings from a recent Norton by Symantec survey quite concerning.
The security software maker surveyed consumers from around the world, including Australia, about their concerns and practices for connected devices, such as those used in Internet of Things (IoT) technology.
According to Norton by Symantec's survey, 63 percent of respondents use at least one mobile app to manage finances or to control connected devices such as security cameras.
Yet the survey found that two-thirds do not have security software on their smartphones and almost a third do not have a password or PIN on these devices.
In many cases, the device PIN or password is the only thing standing between an unauthorised user and any connected devices that the phone controls or can access, because any required device passwords are usually stored by the app for the sake of convenience.
“Most of the research into attacks on IoT devices has focused on attacking the device directly, but there is another way these devices are at risk: many IoT devices are controlled by mobile apps and by not protecting these apps, Australians are leaving the door wide open for hackers," said Mark Gorrie, director, Pacific region, Norton by Symantec.
In addition to the risk of someone picking up or stealing a phone that's not protected by a password, there's also the possibility that malicious or intrusive apps might either spill the beans about connected devices or even actively target them.
Protecting mobile devices
So the company recommends the following steps, which you could usefully recommend to any employees permitted to access your connected devices, as well as applying them to your own phone and tablet.
- Use a reputable mobile security app, such as Norton Mobile Security, which pre-scans apps and identifies potential vulnerabilities before downloading Android apps. You should know what you’re downloading before it is on your device.
- Download apps from official app stores. Third-party app stores may not put apps through the same rigour as official app stores such as the Google Play Store or Apple’s App Store.
- Be mindful of app settings. Beware of apps that ask you to disable settings that protect you from installing unsecure apps. This makes your device more vulnerable and opens you to attacks.
Protecting IoT devices
- Keep the device current. Make sure you install the latest updates on your device, whether automatically or when sent from the manufacturer.
- Protect the device. Set strong and unique passwords on these devices. Use a combination of at least eight letters, numbers and symbols.
- Secure communications between the device and network. Protect the communication shared between your device and network by using encrypted communication on your home Wi-Fi (like WPA2) to connect the device. Better yet, use a hard-coded network connection, such as a LAN connection. If you have a feature on your device you don’t use, turn it off.