Tuesday, 14 May 2013

Helping ordinary mobile phone users manage their security

My company recently completed some work for the UK Police on giving some basic guidance on mobile phone security. It seemed to them (and to us) that there is a gap between the daily deluge from the media of new threats to mobile users and understanding the real situation (which is often highly technical). What this often means is that users are just completely forgotten in a sea of meaningless rhetoric. People using phones inevitably then do the wrong thing. We also found that the organisations setting policies want to give basic advice to people about how they use their phones in their daily lives.

We wrote quite a long whitepaper (which will soon be available as a booklet) but with the help of the excellent team at Beyond Design, we decided to also create a leaflet that was easy to understand and which would capture the main points easily. After all, what we're looking for is for people to remember and adopt the advice we're giving out. The advice covers things like:

  • Personal safety
  • Lost and stolen devices
  • Using the features of your device securely
  • The types of threats you need to be aware of
  • Things that you can do to mitigate security issues or to help prevent them happening

We've had some good initial feedback and I understand a couple of universities in the UK are looking to distribute the leaflets for their students too.

What risks are you taking?
Free leaflet

I've decided to make the leaflet freely available for download and printing - you can take the print-ready version and send it to a local printer or online service and then use it for your own purposes. Just click the links below to get a copy:

Mobile Security Advice leaflet (online version)
Mobile Security Advice leaflet (print-ready version)

I hope this is useful to people and we'd love to hear your feedback and who you've given the leaflets to. Drop us a line or add a comment below!


A note on giving out advice

The danger, of course, with doing something like this is that a) we miss something important or give bad advice and b) the advice is impractical and gets ignored. We would hope that we have given out good advice based on our own experience, but please let us know if you really disagree with something. We acknowledge that there is a risk of b), but we also acknowledge that giving people nothing and just leaving them to fend for themselves is ultimately worse. Everything we do from a security perspective in our personal lives is about risk management decisions (or risk avoidance). Just as not every alley is going to have some guy lurking down it waiting to rob you, not every open WiFi connection you connect to is going to be compromised. It's good to be at least 'aware' of the risks though.


2 comments:

  1. David, this is really good. I can see that there was a lot of debate on exactly what items to put in here. Slightly surprised that SIM PIN is not there other than in a general sense. And purchasing second-hand phones you just say don't, rather than checking the CheckMEND report?

  2. Thanks Stuart, yes you are right - it is always difficult to decide what to keep in and what to leave out. To address your points:

    * The SIM PIN has lesser value these days because it will only be used when the phone is turned on (most people leave their phones on all the time now). It also doesn't prevent the other features of a device being used, it just prevents use of telephony, if the phone was off.
    * On second hand phones - users don't know what they're getting - it could be rooted and primed with malware, not just potentially being stolen goods.
