Mobile Device Security: Best Practices and Tools

Most real estate professionals own a mobile device that stores contacts and emails, and that provides access to social media and other online accounts. However, some real estate professionals may not realize that the documents they receive via email as part of the closing process are more sensitive than they think. Mobile devices create an information security risk that needs to be addressed. There are two basic categories of risk management when it comes to mobile devices: practices and tools.

The first practice is to physically protect the device. Information on the device is sensitive; don’t leave it sitting around unattended and unprotected. But that’s not a reliable practice – according to a 2010 Symantec study, 62% of us have lost a mobile device or had it stolen. So, additional care is required.

The second practice is to require authentication (login) to access the phone – a password or difficult-to-guess “swipe.” Most mobile devices have this capability now. Keep in mind that a dirty screen makes it easy to see a swipe pattern, so get in the habit of running your palm over the screen after you log in to your device.

The third practice is encryption, where the data is scrambled and requires a code or login to unscramble, so a thief can’t read the data off your device’s memory card. On some devices, encryption is the default, on others you have to turn it on, while on still others you have to use optional software, which I’ll come back to later in this article. Research your device carefully for encryption options.

The fourth practice is limiting Bluetooth, a capability that lets you add a wireless headset to your device but can also be very hackable. Set Bluetooth to “hidden mode” on your device, and disable it when not in use.

The fifth practice is limiting installation of third-party “apps.” If you download lots of apps from untrustworthy sources or written by companies you don’t know and trust, you may be installing dangerous software on your device. Take care, because you can’t depend on “app store” managers or website owners where you download software to be cautious for you.

Many tools are available to help you secure your mobile device in a variety of ways, including providing antivirus, encryption, and firewall-like features. They let you remotely lock and wipe data from the device, take a picture of the person using your device, sound an alarm (useful when you can’t find your phone, too!), and display information on the screen to help someone return a lost device. The following list is by no means comprehensive, but includes some of the better known and most trusted companies and products on the market.

Kaspersky (kaspersky.com): On the Windows Mobile, Symbian, Blackberry, and Android platforms, Kaspersky provides a tool which includes antivirus, lets you wipe data remotely, and lets you find your missing device on a Google map. This tool can provide encryption for Windows Mobile and Symbian.

McAfee (wavesecure.com): McAfee’s WaveSecure product, which works on Android, BlackBerry, Symbian, Windows Phone, Java-based devices, and iPhone, provides a wide variety of features varying by device. It lets you back up and restore your data, lock your phone remotely, sound an alarm, wipe your data, see where your phone is on a map, and display a message to prompt someone who has your device to return it. It can also send a text message alert if someone tries to put a new SIM card (memory) in your phone to try to prevent you from finding your phone. And it has a feature to prevent someone from un-installing the security software. On the iPhone, the features are limited to data backup and restoration and tracking the phone location.

AVG (avg.com): On the Android platform, AVG provides a tool which includes a phone locator, remote lock and data wiping, and antivirus, and even helps protect you when you surf the web by blocking pages it determines contain dangerous scripts or malware.

Norton (www.norton.com): Their Mobile Security product is usable with Android only, but is very full-featured. It provides antivirus/antimalware protection, blocks known fraudulent (phishing) websites, and lets you remotely locate, lock, and wipe data from your phone, display a “lost” message, grab a picture of the person using your device (if the device has a webcam), and sound an alarm.

Trend Micro (us.trendmicro.com): On the Android platform, this tool blocks known fraudulent (phishing) websites, allows you to locate, lock and wipe data from your device, and sound an alarm. If the SIM (memory) is taken from the device, it automatically locks the device and displays your customized “lost” message.

Security tools on the iPhone and iPad are limited because Apple has not cooperated very well with security vendors. Some security capabilities are built right into the Apple devices, especially if you add the optional MobileMe service, which allows you to find the device and remotely lock and wipe the data from it. But available third-party tools are fairly limited and new, and most haven’t been thoroughly reviewed by the security community. However, you may want to consider tools like Webroot SecureWeb Browser (itunes.apple.com), which attempts to block malicious websites, and GadgetTrak (gadgettrak.com), which can send you the device location and pictures of whoever is using it. If you have Intego (intego.com) VirusBarrier on your Mac, you can also use it to scan for viruses on your Apple mobile devices.

New threats and new security tools are emerging all the time, and mobile device security is really the new frontier of information security. If you follow the practices outlined above and continue to evaluate your mobile security tool options, then the mobile world should be a safer place for you, your data, and the data which others entrust to you.

Matt CohenAbout the author: Matt Cohen is Clareity Consulting’s Chief Technologist and leads its security assessment practice. Matt has spoken at many conferences, workshops, and leadership retreats around the country on security-related topics, and is a well-regarded real estate industry expert on real estate technology and information security. Clareity Consulting (www.callclareity.com) was founded in 1996 to provide management and information technology consulting to the real estate industry.