Talking Usability: Don’t Trade Security for Usability on Your Smartphone

By David Dick | STC Fellow

The convenience of mobility and an infinite number of mobile applications has changed the way we use a smartphone. Consequently, we store a lot of personal information on a smartphone such as email addresses, passwords, travel information, driver's licenses, personal identification numbers, boarding passes, credit card numbers, bank account numbers, telephone numbers, and photographs. Would you want someone to break into your smartphone and retrieve the data for nefarious use? Obviously not, but nevertheless, few of us take the same precautions to protect our smartphone that we do for our laptop or desktop because we do not want to complicate its use.

You probably have a password set on your laptop and run virus protection software. You might protect documents with a password, which isn’t foolish or impractical given how easy it is to break into a computer. Unfortunately, many of us do not want to enter a password every time we use our smartphone because it’s an inconvenience. Likewise, we do not want to re-enter a user ID and password every time we access a mobile application, so we allow applications to remember our user ID and password. In so doing, we trade security for usability by making it easier for someone to access our data if we lose our smartphone.

Smartphones are easily stolen. You could be waiting for a bus or taxi while reading email, or walking with your smartphone in your hand (which everyone does) and a thief grabs it and runs. Smartphones have a feature that causes them to turn off after several minutes of inactivity, thereby requiring a password to re-open it. Unfortunately, most people turn off the feature because it makes the smartphone inconvenient to use.

We trade security for usability when we use public WiFi networks. Most WiFi networks cost nothing, such as those available at hotels, libraries, restaurants, and coffee shops. Other WiFi networks require a small fee to connect. A WiFi network offers the advantage of reducing the use of our smartphone’s data plan. But did you know that it’s possible for someone to run a network detection application from a smartphone and scan the users logged into the WiFi to view their activity? The solution is simple: use your data plan instead of a public WiFi network.

It's easy to forget our smartphone on a bus, at a restaurant, bar, office, or coffee shop—it happens all the time. All smartphones have a feature that locks the device after three unsuccessful attempts to enter a password. However, if you do not require a password to access the smartphone, the feature won't work.

The smartphone’s operating system and web applications receive periodic updates that fix bugs and security vulnerabilities. Many users skip these updates because they don’t realize that, by not updating, they’re leaving the smartphone open to viruses, malware, and hacking. Yet installing the fixes and security patches is as simple as tapping the “update” button.

We err in judgement when we trade security for usability, which I refer to as ‘convenience of use.’ When it comes to protecting mobile devices and the data they contain, there’s no compromise for security.
