ENISA, the European Union agency established to contribute to a high level of network and information security just released an huge paper about smartphones security for consumers, employees and high officers. We’ve break it down to what you, as a consumer, should pay attention and change on your smartphone.
What to do about data leakage resulting from device loss or theft ?
Just active automatic locking, do regular backups and annotate phone IMEI number. Remote wipe along with data encryption, for employees and high officers should be an option too.
What to do about unintentional disclosure of data ?
Well, start by scrutinizing permission requests when using or installing apps or services, then review the default privacy settings for those apps or services and, if needed, change the settings.
What to do about attacks on decommissioned smartphones?
That’s simple! Just before disposing of or recycling the phone, wipe all the data and settings from the smartphone.
What to do about those phishing, spyware and financial attacks?
Take a sceptical approach to everything, including messages, content or software. Double check the sources, confirm with friends, read the fine prints and URLS, in summary; check reputation! Also check the phone resource usage and your phone bill at the end of the month.
What to do on network spoofing attacks?
Use public WiFi hotspots with caution and configure the smartphone so that it does not connect automatically. Double check is the service or app uses an encrypted or certified connection (SSL or VPN).
These are ENISA’s most important recommendations and we believe they’re pretty straightforward and they’ll minor security risks, but there’s one more security measure that I’ll recommend, which is: never leave your phone unattended.
