Smartphone security starts with endusers, says Ansys Group chief executive Teddy Daka. We can no longer pretend our phones aren’t at risk.
Depending on who’s counting, about 40% of South Africans now own and use a smartphone, a percentage that will only grow as time goes by and handsets become more affordable. This is a very good thing: more smartphones means more people have access to the internet and all of the economic and social benefits that brings.
But the convenience and simplicity of the modern smartphone carries with it a fundamental problem: we think of these sleek devices as advanced telephones. Useful, but harmless. We forget that they are powerful computers which contain all our most important information, and are vulnerable to attack.
The golden rule for cybersecurity is to never underestimate the ability and will of digital criminals. Cybercrime is a big money game, and the players invest heavily in developer skills and the latest tools to stay ahead of law enforcement and security measures.
The chances are that you’re a victim of cybercrime without even knowing it. Tens of billions of username and password combinations have been stolen by criminals who hack online service providers like Yahoo!, or harvest email and password combinations with “phishing” attacks. These are all floating around the internet for anyone who can pay to see. That’s why professionals recommend never using the same password twice: it’s one thing for a criminal to get into your loyalty points account. If your online banking password is the same you’re in deep trouble.
Apple and Google, who make the operating system software for the vast majority of phones, do a good job of trying to protect you. They scan apps in their stores for viruses and malware, for example, and attempt to limit the ways in which one application can access data from another.
These initiatives are very good at combating some threats that are specific to smartphones. Apps containing malicious code exist, but so long as you only install software from official sources such as the App Store or Google Play, they’re still rare.
Education, education, education
Other threats are much harder to combat. One way criminals harvest data is by creating a Wi-Fi hotspot that looks like a genuine access point for a coffee shop or telecommunications provider. Once you’ve connected your phone to it, they can see all the information that passes between your handset and the internet.
Or think back to the last time you installed an app because friends recommended it. Did you click past those warnings about what data it wants access to without stopping to ask why a puzzle game needs to connect to your microphone or phone book?
Personally, I think that the only real solution to these issues is education. We need people to be as mindful of security with their phones as they are with their homes, cars and desktop PCs.
We need people to understand why a password vault, which makes remembering lots of long, uncrackable passwords easy, is an essential part of personal defence.
We need people to turn on two-factor authentication wherever possible.
We also need people to learn the importance of backing up everything, all the time. Most phones come with built-in tools for backing up your data, and you should use them.
Why? Because the fastest growing form of digital attack is “ransomware”. A criminal may gain control of your phone and threaten to delete everything on it unless you pay a fee. The best defence against ransomware is a back-up: if your phone is targeted, you can simply reset it and restore your data in a pristine condition.
And finally, we need to teach people to be vigilant. If your phone has been infected by a virus or malware, there’s a good chance it will start behaving in a strange way. The battery may drain faster than usual because of malware running in the background. Or you may find new apps installed that you didn’t ask for.
Smartphones are incredible devices, which promise amazing things. But when our phones are smart, we users can’t carry on playing dumb.
• Daka is Ansys Group chief executive.