Because of smart application development, most mobiles don’t face the plethora of threats that PC users do. But online criminals aim to change that. They’re working on malware for Macs, bad apps for Android and, of course, they can still hit you with a phishing scam on just about any web-connected device.
Here are a few precautions that will help protect you on all the laptops, desktop or mobile devices you use.
1. Keep your system and security software updated
This is a tip we always recommend for PCs. But it’s especially important on mobile devices and Macs too. Several important security updates have been included in recent updates of OS X. Our Mobile Security is available for Android, Symbian and Windows Phones. Research to find the best security for your device and keep it up to date.
2. Back up your device
A piece of content that exists only on one local hard drive is a piece of content at risk. Use some method of backup for your computers. If your phone has a backup capability enable it. If it’s available for your mobile, we recommend you use some remote lock software. Our Anti-Theft for Mobile is free. This way even if your device is out of your control, you can still protect your private data.
3. Get your software from a reliable source
For mobile phones, use official markets or vendors you know and trust. Never install software that suddenly appears on your computer or a mobile. You can give a criminal full access to your computer with the wrong click so take downloading and installing seriously. So don’t be afraid to take to cancel and research a product before installing it
4. Watch where you click, especially in emails
Most of us know never to open attachments we don’t expect in an email. But the links in an email can lead to a malicious site or a scam. Phishing scams have new power on mobile phones where we expect web pages to look strange and unfamiliar. Avoid clicking the links in emails you receive, especially from your bank. Go directly to the site you need to use or even call your bank directly if you have a question.
5. Keep your devices and accounts secure
Lock your computers and devices when you aren’t using them. And use a strong, unique password for all of the accounts that matter to you most.
The good habits you’ve picked up from being a smart PC user will benefit you however you connect to the web.
F-Secure’s new Safe Anywhere gives the world’s leading operators and ISPs the ability to protect PCs, Macs and mobile devices with one award-winning solution. Find out more about Safe Anywhere here.
This year’s Mobile World Congress (MWC) is coming up next week. The annual Barcelona-based tech expo features the latest news in mobile technologies. One of the biggest issues of the past year has enticed our own digital freedom fighter Mikko Hypponen to participate in the event. Hypponen, a well-known advocate of digital freedom, has been defending the Internet and its users from digital threats for almost 25 years. He’s appearing at this year’s MWC on Monday, March 2 for a conference session called “Ensuring User-Centred Privacy in a Connected World”. The panel will discuss and debate different ways to ensure privacy doesn’t become a thing of the past. While Hypponen sees today’s technologies as having immeasurable benefits for us all, he’s become an outspoken critic of what he sees as what’s “going wrong in the online world”. He’s spoken prominently about a range of these issues in the past year, and been interviewed on topics as diverse as new malware and cybersecurity threats, mass surveillance and digital privacy, and the potential abuses of emerging technologies (such as the Internet of Things). The session will feature Hypponen and five other panelists. But, since the event is open to public discussion on Twitter under the #MWC15PRIV hashtag, you can contribute to the conversation. Here’s three talking points to help you get started: Security in a mobile world A recent story broken by The Intercept describes how the American and British governments hacked Gemalto, the largest SIM card manufacturer in the world. In doing so, they obtained the encryption keys that secure mobile phone calls across the globe. You can read a recent blog post about it here if you’re interested in more information about how this event might shape the discussion. Keeping safe online It recently came to light that an adware program called “Superfish” contains a security flaw that allows hackers to impersonate shopping, banking, or other websites. These “man-in-the-middle” attacks can be quite serious and trick people into sharing personal data with criminals. The incident highlights the importance of making sure people can trust their devices. And the fact that Superfish comes pre-installed on notebooks from the world’s largest PC manufacturer makes it worth discussing sooner rather than later. Privacy and the Internet of Things Samsung recently warned people to be aware when discussing personal information in front of their Smart TVs. You can get the details from this blog post, but basically the Smart TVs voice activation technology can apparently listen to what people are saying and even share the information with third parties. As more devices become “smart”, will we have to become smarter about what we say and do around them? The session is scheduled to run from 16:00 – 17:30 (CET), so don’t miss this chance to join the fight for digital freedom at the MWC. [Image by Hubert Burda Media | Flickr]
Our history is full of doomsday prophecies. Statistics show that they are wrong to about 100%, and that seems to be accurate as we still are here. :) Vint Cerf is not that pessimistic when predicting a digital dark age. His doomsday only affects our data, but that’s scary too. So what is this all about and how does it affect us ordinary mortals? Mr. Cerf is reminding us about one of the fundamental challenges in electronic data processing. The technology is still very young and sometimes unreliable. A special problem is the longevity of storage media. A traditional photographic print can last several hundreds of years and the oldest preserved writings are thousands of years old, but electronic data media longevity is measured in tens of years. And on top of that comes the rapid technology development that can make media incompatible before it breaks. Digital storage may become a black hole, you put things there but get nothing out. This could lead to a dark era from which we have almost no digital memories, according to him. But how realistic is this horror scenario? Let’s fill in some points that Mr. Cerf left out. The digital technology actually enables infinite life for our data, if used right. The old photograph starts to slowly degrade from day one and no copy of it is perfect. Digital info can be copied to a new media an infinite number of times without degrading quality. Any digital media has a limited lifetime. But the rapid technology development will silently solve this problem for most people. The computer becomes too old and slow before the magnetism starts to fade on the hard disk, and everything is copied to a fresh new computer. (* The need to regularly copy data to fresh media will also solve the compatibility problems. You will normally never need to access media that is more than some 5 – 10 years old. And media that young is still compatible. The floppy disks that usually are shown to illustrate incompatible media are over 25 years old. (* But what about the file formats? It will be easy to implement support for our current file formats in tomorrow’s computer systems. That will be done if there is a need for it. So don’t worry if you are using the common standard file formats like JPG-images, MS Word or PDF-documents. They will no doubt be supported for a long time. But this may be an issue if you are using some exotic and less common format. We are entering the era of cloud storage. Our data is transferred to professionally managed data centers that take care of both backup and periodical media renewal on our behalf. Sure, they can fail too. But they are in generic a lot more reliable than our own homebrewed backup procedures. The use of cloud storage introduces a new threat. How long will the cloud company be around? A good thing to think about before selecting where to store the data. Another big threat against our data is our own attitude. Handling digital data is very easy, including deleting it. We need to understand the value of our data to make sure it is preserved. Last but not least. A very big threat against all data, analog or digital, is inability to find it. My piles of old slide photo boxes are of little use as they only have some labels with year and place. Looking for a particular shot is a nightmare. But my digital collection can easily be searched for place, time, equipment, technical data, keywords, etc. The pre-digital era was really the dark age seen from this perspective! So to wrap up. Yes, the digital revolution brings new challenges that we need to be aware of. But luckily also good tools to deal with them. Digital storage will no doubt lead to personal data loss for many persons. Disks crash every day and data is lost. So there is a true risk that digital storage leads to a personal dark age for you, unless you handle your data right. But there’s absolutely no need to talk about a digital dark age in a broader sense. Historians will easily get enough information about our society. It doesn’t matter if some of us have lost our files, there’s still plenty to work on. Actually, data overload will be a more likely problem for them. Good news. The sky is not falling after all! Safe surfing, Micke (* This is assuming that you keep your files on the computer. These problems will become real if you archive files on external media, store it away for later use and remember them some 20 years later.
We have repeatedly countered the arguments that people don’t have anything to hide, and can comfortable ignore the privacy threats on the Internet. That’s a very unwise attitude and here’s some more examples why. We have also talked a lot about on-line scams and how to avoid them. A key challenge for any scammer is to be trustworthy in the eyes of the victim. And this is where your data enters the picture. I have written a story about how a scammer can be more convincing if he knows your travel plans. Let’s cover a more business-oriented case this time. A controller at a firm in Omaha, Nebraska received mails from the CEO asking him to make a series of money transfers to China, and he transferred a total of $17.2 millions. Yes, you guessed it. The sender was not the CEO and a scammer made a nice profit. The obvious lesson we learn in both these cases is naturally that mail isn’t trustworthy. Mail itself does not provide any kind of sender authentication. The sender address is easily faked. Authentication of the other part must rely on the mail contents, a cryptographic signature or information that only the perceived sender can know. And this leads us to the less obvious lesson we can learn here. It looks like the Ohama-scammer had information about the victim. He knew who can handle money transfers. He also knew that the CEO had some business in China, which made the transfers sound legit. He probably also knew that this person doesn’t meet the CEO face to face daily as that would have ruined the scam. Part of this info is publicly available, like the name of the CEO. We don’t know how he got hold of the rest, but it is obvious that it helped the scammer. So here we have an excellent example of how criminals can utilize tiny grains of info to scam huge piles of money. But what should this Ohama-company have done differently? The controller should have called the CEO to verify the transactions. The company should analyze what info the scammer had, and go through their security policies. And that is pretty much what private persons should do too. Learn to think critically when someone approaches you by mail and verify the sender if in doubt. Also guard all your data to make this kind of targeted attack as hard as possible. This company responded by firing the controller. That's not an option for you if you fall for a scam and let go of your own money. Safe surfing, Micke PS. Was it right to fire the controller? Hard to say. Part of the responsibility naturally lies on the one who was gullible enough to trust an e-mail. But it also depends on if the company had proper rules in place for validating transfer requests. Did he break any concrete rules when sending the money? If he didn't, then the company is responsible too. Photo by Images Money