
5 Ways to Protect your Mobile Security






Slide 0

5 ways to protect your mobile security


Slide 1

As the world becomes more connected, security needs to be at the forefront of people’s minds as they use mobile devices to live everyday life.


Slide 2

By looking at insights into our behaviors on mobile devices, we can change those behaviors to keep our devices and data safe and private.


Slide 3

5 things to consider to protect your mobile safety:
1. The silly things we do with our passwords
2. The case for not jailbreaking/rooting your device
3. The real story behind those software updates
4. The problem with public Wi-Fi
5. The ways we accidentally give over our information on mobile


Slide 4

1. The silly things we do with our passwords
2. The case for not jailbreaking/rooting your device
3. The real story behind those software updates
4. The problem with public Wi-Fi
5. The ways we accidentally give over our information on mobile


Slide 5

It’s hard to remember the myriad of passwords we use for our accounts online.


Slide 6

There are a number of ways we hear of people dealing with this, including writing them down on a piece of paper or using the same password across all your accounts.


Slide 7

One of the most concerning practices we’ve heard of, however, is storing your passwords in your mobile contacts.


Slide 8

One of the most concerning practices we’ve heard of, however, is storing your passwords in your mobile contacts. This is a definite DON’T DO in our books.


Slide 9

I’m hiding them in there!


Slide 10

I’m hiding them in there! One of the main justifications we’ve heard for storing your passwords as contacts is that you’re actually “hiding” them in there. Have you ever “hidden” a file in a file in a file on your PC in the hopes that it’d be hard for someone to find it? It’s a similar mentality.


Slide 11

I’m hiding them in there! One of the main justifications we’ve heard for storing your passwords as contacts is that you’re actually “hiding” them in there. Have you ever “hidden” a file in a file in a file on your PC in the hopes that it’d be hard for someone to find it? It’s a similar mentality. But you’re not actually hiding them at all.


Slide 12

There are tons of legitimate apps that access contact information.


Slide 13

There are tons of legitimate apps that access contact information. Your social networks do it, your shopping apps do it, your health apps do it. Most of the time apps use your contacts in order to help you find friends or invite new people to the service. While the intentions are good, you might wind up sharing all of your passwords with the developers of the apps on your phone.


Slide 14

There are tons of legitimate apps that access contact information. Your social networks do it, your shopping apps do it, your health apps do it. Most of the time apps use your contacts in order to help you find friends or invite new people to the service. While the intentions are good, you might wind up sharing all of your passwords with the developers of the apps on your phone. Suddenly, you don’t know how your passwords are being stored, who has access to them, and if the systems they’re living on are protected from attack.


Slide 15

But seriously, remembering all those passwords is a chore.


Slide 16

But seriously, remembering all those passwords is a chore. We get it, many people have upwards of 100 accounts online and you always hear the advice, “Use a different password for all your important accounts!” There are tools that can help. 1Password and LastPass are online password management tools that store all of your passwords and let you use one password across all of your accounts.


Slide 17

But seriously, remembering all those passwords is a chore. We get it, many people have upwards of 100 accounts online and you always hear the advice, “Use a different password for all your important accounts!” There are tools that can help. 1Password and LastPass are online password management tools that store all of your passwords and let you use one password across all of your accounts. Of course, no system is perfectly secure and any time you store data online, you run the risk of losing that data. However, the benefit of storing your passwords in a safe, managed service hugely outweighs the risk of storing them in your contacts.


Slide 18

1. The silly things we do with our passwords
2. The case for not jailbreaking/rooting your device
3. The real story behind those software updates
4. The problem with public Wi-Fi
5. The ways we accidentally give over our information on mobile


Slide 19

Jailbreaking your iOS device (or rooting in the case of Android) is tempting.


Slide 20

After all, who wouldn’t want access to a whole new world of apps, easier international travel, and more control over their phone?


Slide 21

If you’ve felt the lure to read the latest jailbreaking/rooting tutorial and take the plunge, you’re not alone: An estimated 7.5 percent of all iPhones — amounting to more than 30 million devices worldwide — are jailbroken. Jailbreaking is especially popular in China, where an estimated 13 percent of all iPhones are jailbroken.


Slide 22

While we understand the temptation, we have one piece of advice: Unless you’re a pro, avoid jailbreaking.


Slide 23

There are many security concerns you might not realize if you jailbreak / root your device.


Slide 24

There are many security concerns you might not realize if you jailbreak / root your device. In many cases you may need to change some security settings on the device in order for the jailbreak to work. Those who don’t know what they’re doing, however, may not know how to properly reinstate security settings after the jailbreak is complete, leaving themselves open to attack.


Slide 25

There are many security concerns you might not realize if you jailbreak / root your device. In many cases you may need to change some security settings on the device in order for the jailbreak to work. Those who don’t know what they’re doing, however, may not know how to properly reinstate security settings after the jailbreak is complete, leaving themselves open to attack. People with jailbroken phones will also readily download third-party apps. Though this is possible to do on non-jailbroken devices, it is much easier to accomplish in a jailbroken environment. Apps on a jailbroken device can also run with escalated privileges and access sensitive data belonging to other apps.


Slide 26

There are many security concerns you might not realize if you jailbreak / root your device. In many cases you may need to change some security settings on the device in order for the jailbreak to work. Those who don’t know what they’re doing, however, may not know how to properly reinstate security settings after the jailbreak is complete, leaving themselves open to attack. People with jailbroken phones will also readily download third-party apps. Though this is possible to do on non-jailbroken devices, it is much easier to accomplish in a jailbroken environment. Apps on a jailbroken device can also run with escalated privileges and access sensitive data belonging to other apps. For example, the recent KeyRaider malware impacted jailbroken iOS devices and stole 225k Apple accounts.


Slide 27

It’s not just about security.


Slide 28

It’s not just about security. Outside of security, there are many other reasons to be wary of jailbreaking or rooting your phone. For one, you’ll likely kiss any built-in customer support or warranty goodbye, which is problematic if you ever have a problem with your phone (and could leave you out several hundred dollars). It can also wreak havoc on battery life, and make your phone inoperable with future operating systems.


Slide 29

It’s not just about security. Outside of security, there are many other reasons to be wary of jailbreaking or rooting your phone. For one, you’ll likely kiss any built-in customer support or warranty goodbye, which is problematic if you ever have a problem with your phone (and could leave you out several hundred dollars). It can also wreak havoc on battery life, and make your phone inoperable with future operating systems. So, to keep your phone safe and running optimally, stay far away from jailbreaking/rooting. It might be less fun coloring in between the lines, but it’s one of the best things you can do for your phone and data.


Slide 30

1. The silly things we do with our passwords
2. The case for not jailbreaking/rooting your device
3. The real story behind those software updates
4. The problem with public Wi-Fi
5. The ways we accidentally give over our information on mobile


Slide 31

Updating your software is sometimes an inconvenience, but it’s also necessary to keeping up your mobile security hygiene.


Slide 32

Sometimes updates require connecting to a power source, backing up data, or temporarily losing access to an app or service while the update processes. Whatever the reason, oftentimes we see that little tally of available updates increase and increase.


Slide 33

The problem is, there are many critical security fixes that get pushed through these OS and app updates and when we ignore them, we leave ourselves vulnerable and open to attack.


Slide 34

It just says “bug fixes” and feature upgrades, why should I care?


Slide 35

It just says “bug fixes” and feature upgrades, why should I care? Those “release notes,” or the details that show you what you’re getting in a software update don’t often tell the whole story.


Slide 36

Take, for example, these updates:


Slide 37

These are real release notes in the “What’s New” section from apps affected by a piece of malware called XcodeGhost. The updates, though, just look like run-of-the-mill feature changes.


Slide 38

Here you only see “Support for iOS 9.” This is vague and it doesn’t mention anything about security, but, in fact, the app had updated to get rid of the malware.


Slide 39

Here you see a more detailed reference to, “Security issue caused by external malware affecting v6.2.5 was fixed in v6.2.6 and above.” This also references XcodeGhost and an update to get rid of the malware.


Slide 40

You always want to be running on the most up-to-date software on your device.


Slide 41

You always want to be running on the most up-to-date software on your device. In the security industry, when software is “patched,” that often means researchers can publish their findings — meaning bad guys and good guys alike suddenly have more information about vulnerabilities and other problems.


Slide 42

You always want to be running on the most up-to-date software on your device. In the security industry, when software is “patched,” that often means researchers can publish their findings — meaning bad guys and good guys alike suddenly have more information about vulnerabilities and other problems. Releasing this information is a good thing because it helps security teams learn how to secure their software, but it also means that people need to download the latest patches to make sure they’re safe.


Slide 43

1. The silly things we do with our passwords
2. The case for not jailbreaking/rooting your device
3. The real story behind those software updates
4. The problem with public Wi-Fi
5. The ways we accidentally give over our information on mobile


Slide 44

We’ve all been there: you’re running low on data, but you’re stuck in a really long line and want to check Facebook. Maybe you’re at the airport and realized you didn’t download that eBook for the plane.


Slide 45

Unfortunately, connecting to and using that public Wi-Fi may be jeopardizing your data and privacy.


Slide 46

Isn’t it fine if I’m only on there for a minute?


Slide 47

Isn’t it fine if I’m only on there for a minute? When you use the Internet, you’re sending communications between computers. Accessing Facebook? Your phone is effectively talking to Facebook. The problem with public Wi-Fi is something called a “Man-in-the-Middle Attack,” whereby an attacker can sit on the Wi-Fi connection and eavesdrop on this conversation.


Slide 48

Isn’t it fine if I’m only on there for a minute? When you use the Internet, you’re sending communications between computers. Accessing Facebook? Your phone is effectively talking to Facebook. The problem with public Wi-Fi is something called a “Man-in-the-Middle Attack,” whereby an attacker can sit on the Wi-Fi connection and eavesdrop on this conversation. In this attack, a person is able to listen in on an unprotected network, intercept your communications, and decrypt them (if they’re even encrypted in the first place) to read what you’re talking about.


Slide 49

I don’t have anything interesting to say, so I’m safe.


Slide 50

I don’t have anything interesting to say, so I’m safe. Downloading a book? You probably had to enter in your username and password. This counts as a communication that can be intercepted. Did you quickly enter your credit card information? That counts as well. Send off a last-minute work email that may have included sensitive info? That, too.


Slide 51

I don’t have anything interesting to say, so I’m safe. Downloading a book? You probably had to enter in your username and password. This counts as a communication that can be intercepted. Did you quickly enter your credit card information? That counts as well. Send off a last-minute work email that may have included sensitive info? That, too. We oftentimes don’t realize the kind of information we access or input on our mobile devices, but these phones and tablets are with us all the time. They access all kinds of personal data we should want to keep close to the chest.


Slide 52

Am I not supposed to use public Wi-Fi then?


Slide 53

Am I not supposed to use public Wi-Fi then? In a way, yes. If you can avoid hopping on that free network, do. However, there are safe ways to surf the Internet while you’re on the go! Use your 4G/LTE networks — they are much safer than public Wi-Fi. If you want to work at a coffee shop with free Wi-Fi, use a VPN to encrypt your traffic.


Slide 54

Am I not supposed to use public Wi-Fi then? In a way, yes. If you can avoid hopping on that free network, do. However, there are safe ways to surf the Internet while you’re on the go! Use your 4G/LTE networks — they are much safer than public Wi-Fi. If you want to work at a coffee shop with free Wi-Fi, use a VPN to encrypt your traffic. If all else fails, avoid any transactions over public Wi-Fi that may involve signing into an account, checking email, or paying for something. Your data will thank you for it.


Slide 55

1. The silly things we do with our passwords
2. The case for not jailbreaking/rooting your device
3. The real story behind those software updates
4. The problem with public Wi-Fi
5. The ways we accidentally give over our information on mobile


Slide 56

Smartphones are small, portable and give us access to a world of information literally in our pockets.


Slide 57

But mobile devices’ small form also means we interact with them pretty differently than desktop computers. In fact, studies have shown that users are 3x more likely to click on a malicious link from their smartphone than a PC!


Slide 58

Enter, phishing


Slide 59

Enter, phishing We’ve all received phishing emails: they are typically designed to look like messages from banks, credit card companies, and similar organizations. The emails often have urgent subject lines requiring action to lure you to a phony website that looks—at least on a cursory glance—legitimate. Think: “Please verify your account” or “2nd Collections Notice.”


Slide 60

Enter, phishing We’ve all received phishing emails: they are typically designed to look like messages from banks, credit card companies, and similar organizations. The emails often have urgent subject lines requiring action to lure you to a phony website that looks—at least on a cursory glance—legitimate. Think: “Please verify your account” or “2nd Collections Notice.” After clicking on the link and believing that you’ve landed on the organization’s actual website, you may enter in your username and password — unknowingly disclosing your private information to scammers.


Slide 61

Tricky business


Slide 62

Tricky business While phishing isn’t new, it does have unique repercussions when you receive malicious communications on mobile — and attackers know this. For one, it’s hard to see if a link is actually legitimate. On a PC, you can hover over a link to determine if it will redirect to a suspicious looking address, but on mobile that’s not the case.


Slide 63

Tricky business While phishing isn’t new, it does have unique repercussions when you receive malicious communications on mobile—and attackers know this. For one, it’s hard to see if a link is actually legitimate. On a PC, you can hover over a link to determine if it will redirect to a suspicious looking address, but on mobile that’s not the case. It’s also harder to spot if you’re on a suspicious website, if you do end up clicking through. For instance, if you’re on a large monitor you may pick up on a URL that reads “usbanki.com” instead of “usbank.com,” but on a mobile device it is much more difficult to spot this distinction. On PC you can also look for the “HTTPS” at the front of a URL, indicating that it is using a secure connection, but this is also not immediately evident on mobile where you have to click on the address bar and scroll to the front of the URL to determine if the site uses HTTPS.


Slide 64

Tricky business While phishing isn’t new, it does have unique repercussions when you receive malicious communications on mobile—and attackers know this. For one, it’s hard to see if a link is actually legitimate. On a PC, you can hover over a link to determine if it will redirect to a suspicious looking address, but on mobile that’s not the case. It’s also harder to spot if you’re on a suspicious website, if you do end up clicking through. For instance, if you’re on a large monitor you may pick up on a URL that reads “usbanki.com” instead of “usbank.com,” but on a mobile device it is much more difficult to spot this distinction. On PC you can also look for the “HTTPS” at the front of a URL, indicating that it is using a secure connection, but this is also not immediately evident on mobile where you have to click on the address bar and scroll to the front of the URL to determine if the site uses HTTPS. Even incredibly tech-savvy people can fall prey to these schemes. The result? Your sensitive information gets in the hands of attackers who will likely use it for their gain.
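
The two manual checks described above (a look-alike address such as “usbanki.com” and a missing HTTPS prefix) can be automated in a mail filter or link-preview step, where screen size does not matter. This is an added example, not part of the original presentation; the trusted-domain list, function names and distance threshold are assumptions.

```python
from urllib.parse import urlsplit

# Constructed allowlist of sites the user really does business with (assumption).
TRUSTED = {"usbank.com", "facebook.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete from a
                           cur[j - 1] + 1,              # insert into a
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def registrable(host: str) -> str:
    """Last two labels of the host. A simplification: production code
    should consult the Public Suffix List (e.g. for .co.uk)."""
    return ".".join(host.rstrip(".").split(".")[-2:])


def check_link(url: str, trusted=TRUSTED, max_distance: int = 2) -> list:
    """Return a list of warning strings; an empty list means nothing flagged."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    findings = []
    if parts.scheme != "https":
        findings.append("not-https")
    domain = registrable(host)
    if domain in trusted:
        return findings
    for good in sorted(trusted):
        # One or two characters off a trusted name, like usbanki.com.
        if 0 < edit_distance(domain, good) <= max_distance:
            findings.append(f"lookalike-of:{good}")
        # Trusted name placed at the front of a long host, which is the
        # only part a narrow mobile address bar tends to show.
        if host.startswith(good + "."):
            findings.append(f"trusted-name-as-subdomain:{good}")
    return findings


if __name__ == "__main__":
    # Constructed sample links; .example is a reserved test TLD.
    for link in ("https://www.usbank.com/login",
                 "http://usbanki.com/verify",
                 "https://usbank.com.account-verify.example/"):
        print(link, "->", check_link(link) or "ok")
```
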


Slide 65

Don’t get phished — get savvy


Slide 66

Don’t get phished — get savvy To avoid getting phished on mobile, the best thing is to avoid clicking on email messages and links that just don’t look right. Messages requesting your password, login details, or other important financial information should especially raise red flags. Know that your favorite social network, bank, or insurance company—basically any company that deals with sensitive information—will never ask for your password or other personal data via email.


Slide 67

For more mobile security tips, follow


Slide 68

