SlideShare una empresa de Scribd logo
1 de 14
Descargar para leer sin conexión
A DIGITAL LIFE E-GUIDE
The 4Ws and 1H
of Mobile Privacy
The 4Ws and 1H of Mobile Privacy
You’ve been tinkering with your new
gadget for a few good days, sending email,
downloading apps, browsing Facebook and
whatnot, when all of a sudden, one of those
pesky pop-ups indiscreetly hogs your screen.
It’s another product page that’s not in any
way related to what you’re currently doing
on your device. But you do remember
seeing that page before. Perhaps it’s
because you just searched for it earlier, yet
why does it suddenly feel like it’s searched
for you instead?
That’s just one example of how your privacy
is breached even while using mobile devices.
What do you do to protect your privacy from
mobile threats like this?
Who?
You and your right
to mobile privacy
The United Nations recognizes everyone’s
inherent right to privacy.1
This right is violated every time someone tries
to access your personal information, in any
form or platform, without lawful reason or your
consent. If a friend, for example, borrows your
smartphone to spy on your Facebook account,
he or she disregards your right to privacy.
Cybercriminals are notorious violators of mobile
privacy. They create malicious apps such as
data stealers, which target your personal and
financial information. Free, high-risk apps
also pose a number of privacy issues with the
amount and type of information they collect. For
instance, some of Germany’s top Android apps
can possibly expose your location, equipment
identity, and address book.2
1	 http://www.un.org/en/documents/udhr/index.shtml#a12
2	 http://blog.trendmicro.com/trendlabs-security-intelligence/do-you-
know-what-data-your-mobile-app-discloses/
What?
Key areas to look over
Your Device’s Connectivity Features
Your device’s connectivity features are viable ways
for cybercriminals to get information from you.
These features are seen as locked doors they have
to pick to get in. Such is the case of Bluetooth
and wireless connections, both are intended to
make communication easier but they can also be
used for malicious reasons. Cybercriminals have
accomplished this on Mac desktops using the
INQTANA worm, which is able to send malicious files
to available Bluetooth devices that accept them. The
worm opens computers to further malicious routines,
like malware dropping and information theft.
More manufacturers are incorporating near field
communication (NFC) standards on devices as well.
This technology allows you to share content, make
payments, or perform other external transactions
with a tap on a scanner. As convenient as it may
sound, this can also be a point of entry for malicious
routines.3
3	http://blog.trendmicro.com/trendlabs-security-intelligence/good-nfc-habits/
Your Device Settings
Default device settings can be seen as strongly-
worded suggestions that you can further optimize
for added protection. This means, you are allowed
to change your mobile device’s security settings
to make sure no one has easy access to it.
Your Mobile Behavior
Having mobile devices can make you surf online
more frequently, but does it change your behavior
when it comes to security? Remember that you
become more vulnerable to mobile threats as you
immerse yourself in mobile activities like social
networking, shopping, and banking. Oversharing,
not checking app permissions, and clicking on
malicious links are ways to invite cybercriminals.
When it comes to app usage, you have mobile
adware to consider. Although most advertising
networks are perfectly legitimate, some are
known to collect personal information and push
ads as notifications, often without user consent.4
At least 7,000 free apps using aggressive
advertising modules were downloaded over a
million times as of October 2012.
4	http://about-threats.trendmicro.com/us/mobilehub/mobilereview/rpt_
mothly_mobile_review_201209_the_growing_problem_of_mobile_ad-
ware.pdf
How?
“Privacy in peril” scenarios
Free Apps
Who doesn’t love free stuff? There are thousands
of free apps from legitimate and third-party app
providers you can choose from. But downloading
free apps often has a trade-off: free service for your
personal information.5
Surprisingly, a majority of consumers (73%) are willing
to trade personal information if they get something in
return, like free mobile service. Remember that even
the smallest bit information you give, like an address
or a birthday, is all that cybercriminals need to take
advantage of you.
Device Loss or Theft
In a survey done in September 2012, nearly one in
three cellphone owners lost their device or had it
stolen from them.6
Even if you try to guard your apps
and device settings, when you lose your phone, the
information it has can still put you in a sticky situation.
This is more so because of an existing lucrative market
for stolen devices and the information they contain.7
5	http://www.pwc.com/sg/en/tice/assets/ticenews201208/consumerintelli-
gence201208.pdf
6	http://online.wsj.com/article/SB10001424052702303815404577334152199453
024.html
7	http://online.wsj.com/article/SB10001424052702303815404577334152199453
024.html
Ever-Changing End-User License Agreements
(EULAs)
You’ve seen it before, those online services asking you to
agree that they can change their EULAs at any time, with or
without notice. Home movie provider, Blockbuster.com, was
rejected in court for using the said line to their privacy policy.8
However, this doesn’t seem to stop popular services from
applying caveats on EULAs that are detrimental to user
privacy.9
By not reading EULAs, you may already be allowing
developers to sell your photos, track your web activities, or
hand over personal information to authorities.
Bring Your Own Device (BYOD)
Three in four companies allow employees to use their
personal devices such as laptops, netbooks, smartphones,
and tablets for work-related activities.10
As the BYOD trend
continues, cybercriminals will use it as a motivation to get
past your defenses to access both your personal and work
information.
It’s not just cybercriminals, though. Your company’s
IT department can use a set of protocols that do not
differentiate personal from work-related data, allowing them
access to your information.
Your device can also be used as evidence in court. You can be
obliged to submit the device for review, with all information
intact, even if only work-related information is pertinent to
the case.11
8	http://www.jdsupra.com/post/documentViewer.aspx?fid=3897327d-161d-49df-b31c-
0b448bb1898a
9	http://business.time.com/2012/08/28/7-surprising-things-lurking-in-online-terms-
of-service-agreements/
10	http://www.trendmicro.com/cloud-content/us/pdfs/business/white-papers/wp_decisive-
analytics-consumerization-surveys.pdf
11	http://consumerization.trendmicro.com/consumerization-byod-privacy-personal-data-
loss-and-device-seizure/
Why?
All about the money
Cybercrime is driven by one agenda: money. Your
mobile devices are simply a means to an end for
cybercriminals. They gain by stealing the information
stored on your smartphones and tablets and then
finding ways use them for profit.
And just like your data, your reputation is also at stake
every time a cybercriminal gets hold of incriminating
information against you or the organizations you
represent. There are malware, like the SMS spy tool
for Android, that steal private SMS messages and
uploads them to a remote server.
What you stand to lose in the case of a mobile privacy
breach really depends on how you use your device.12
12	http://about-threats.trendmicro.com/RelatedThreats.aspx?language=de&nam
e=PIXSTEAL+and+PASSTEAL+Sport+New+Ways+To+Steal+Data
Mobile privacy breaches may appear to be easy
for cybercriminals, considering the problem areas
discussed. However, there are still stops you can pull to
prevent being victim to such scenarios.
Follow this General Checklist:
□□ Control how much information your device shares by
changing its privacy and browser settings. Here you
can tweak settings on location and network sharing.
□□ Activate screen locks, and change your passwords
every three months to minimize chances of hacking.
□□ Remove compromising photos, videos, and files that
you’re not comfortable with from your device.
□□ Regularly clear your mobile browser cache to escape
data leakage in case a malware tries to sniff your
device for information.
□□ Monitor your app and account settings, to make sure
sharing and connectivity are secure.
□□ Adjust your device’s data encryption and configure
your passwords.
What now?
Reinforce your privacy
Pay Attention to Apps
•  Remove apps not in use.
•  Select which apps really need location or address book access.
•  Use your mobile browsers’ or browser apps’ private browsing
settings, especially for sensitive banking transactions.
Prepare for Device Loss or Theft
•  Take note of your account credentials or use a convenient
password manager in case you need to reset them because of
device loss or theft.
•  Backup files in the cloud. Trend Micro™ Mobile Backup and
Restore automatically stores the irreplaceable information
from your device without wasting its battery life.
•  Prepare to contact the authorities, your service provider, and
any concerned organization to avoid the malicious use of
your identity and to block bill charges.
•  Enroll your devices to a remote service that allows you to find,
lock, or wipe them. Trend Micro™ Mobile Security Personal
Edition does these and prevents uninstallation without your
password.
Ask these about BYOD Agreements
•  Are you required to produce personal devices for forensic
analysis?
•  Does this apply to devices shared with other family members?
•  Who will get access to the personal information stored in your
device?
•  Can your company track your location? Under what
circumstances can this happen? Are you required to let them?
Do they notify you if they do this?
•  Are these systems active outside regular work hours?
•  Are your personal online activity monitored and logged?
•  Is this information retained when you leave your
organization?
©2013 by Trend Micro, Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro,
Incorporated. All other product or company names may be trademarks or registered trademarks of their owners.
TRENDLABSSM
TrendLabs is a multinational research, development,
and support center with an extensive regional
presence committed to 24 x 7 threat surveillance,
attack prevention, and timely and seamless solutions
delivery. With more than 1,000 threat experts and
support engineers deployed round-the-clock in labs
located around the globe, TrendLabs enables Trend
Micro to continuously monitor the threat landscape
across the globe; deliver real-time data to detect, to
preempt, and to eliminate threats; research on and
analyze technologies to combat new threats; respond
in real time to targeted threats; and help customers
worldwide minimize damage, reduce costs, and ensure
business continuity.
TREND MICRO™
Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global
cloud security leader, creates a world safe for exchanging
digital information with its Internet content security
and threat management solutions for businesses and
consumers. A pioneer in server security with over
20 years’ experience, we deliver top-ranked client, server
and cloud-based security that fits our customers’ and
partners’ needs, stops new threats faster, and protects data
in physical, virtualized and cloud environments. Powered
by the industry-leading Trend Micro™ Smart Protection
Network™ cloud computing security infrastructure, our
products and services stop threats where they emerge—
from the Internet. They are supported by 1,000+ threat
intelligence experts around the globe.

Más contenido relacionado

Último

9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding TeamAdam Moalla
 
IEEE Computer Society’s Strategic Activities and Products including SWEBOK Guide
IEEE Computer Society’s Strategic Activities and Products including SWEBOK GuideIEEE Computer Society’s Strategic Activities and Products including SWEBOK Guide
IEEE Computer Society’s Strategic Activities and Products including SWEBOK GuideHironori Washizaki
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?IES VE
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8DianaGray10
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostMatt Ray
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfinfogdgmi
 
99.99% of Your Traces Are (Probably) Trash (SRECon NA 2024).pdf
99.99% of Your Traces  Are (Probably) Trash (SRECon NA 2024).pdf99.99% of Your Traces  Are (Probably) Trash (SRECon NA 2024).pdf
99.99% of Your Traces Are (Probably) Trash (SRECon NA 2024).pdfPaige Cruz
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7DianaGray10
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...Aggregage
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-pyJamie (Taka) Wang
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAshyamraj55
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6DianaGray10
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsSafe Software
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfDianaGray10
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxMatsuo Lab
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1DianaGray10
 

Último (20)

9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team9 Steps For Building Winning Founding Team
9 Steps For Building Winning Founding Team
 
IEEE Computer Society’s Strategic Activities and Products including SWEBOK Guide
IEEE Computer Society’s Strategic Activities and Products including SWEBOK GuideIEEE Computer Society’s Strategic Activities and Products including SWEBOK Guide
IEEE Computer Society’s Strategic Activities and Products including SWEBOK Guide
 
How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?How Accurate are Carbon Emissions Projections?
How Accurate are Carbon Emissions Projections?
 
UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8UiPath Studio Web workshop series - Day 8
UiPath Studio Web workshop series - Day 8
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
99.99% of Your Traces Are (Probably) Trash (SRECon NA 2024).pdf
99.99% of Your Traces  Are (Probably) Trash (SRECon NA 2024).pdf99.99% of Your Traces  Are (Probably) Trash (SRECon NA 2024).pdf
99.99% of Your Traces Are (Probably) Trash (SRECon NA 2024).pdf
 
UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7UiPath Studio Web workshop series - Day 7
UiPath Studio Web workshop series - Day 7
 
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
The Data Metaverse: Unpacking the Roles, Use Cases, and Tech Trends in Data a...
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
201610817 - edge part1
201610817 - edge part1201610817 - edge part1
201610817 - edge part1
 
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPAAnypoint Code Builder , Google Pub sub connector and MuleSoft RPA
Anypoint Code Builder , Google Pub sub connector and MuleSoft RPA
 
UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6UiPath Studio Web workshop series - Day 6
UiPath Studio Web workshop series - Day 6
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration WorkflowsIgniting Next Level Productivity with AI-Infused Data Integration Workflows
Igniting Next Level Productivity with AI-Infused Data Integration Workflows
 
20230104 - machine vision
20230104 - machine vision20230104 - machine vision
20230104 - machine vision
 
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdfUiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
UiPath Solutions Management Preview - Northern CA Chapter - March 22.pdf
 
Introduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptxIntroduction to Matsuo Laboratory (ENG).pptx
Introduction to Matsuo Laboratory (ENG).pptx
 
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1UiPath Platform: The Backend Engine Powering Your Automation - Session 1
UiPath Platform: The Backend Engine Powering Your Automation - Session 1
 

Destacado

Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Applitools
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at WorkGetSmarter
 
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...DevGAMM Conference
 
Barbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationBarbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationErica Santiago
 
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellGood Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellSaba Software
 
Introduction to C Programming Language
Introduction to C Programming LanguageIntroduction to C Programming Language
Introduction to C Programming LanguageSimplilearn
 
The Pixar Way: 37 Quotes on Developing and Maintaining a Creative Company (fr...
The Pixar Way: 37 Quotes on Developing and Maintaining a Creative Company (fr...The Pixar Way: 37 Quotes on Developing and Maintaining a Creative Company (fr...
The Pixar Way: 37 Quotes on Developing and Maintaining a Creative Company (fr...Palo Alto Software
 

Destacado (20)

Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work
 
ChatGPT webinar slides
ChatGPT webinar slidesChatGPT webinar slides
ChatGPT webinar slides
 
More than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike RoutesMore than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike Routes
 
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
Ride the Storm: Navigating Through Unstable Periods / Katerina Rudko (Belka G...
 
Barbie - Brand Strategy Presentation
Barbie - Brand Strategy PresentationBarbie - Brand Strategy Presentation
Barbie - Brand Strategy Presentation
 
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them wellGood Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
Good Stuff Happens in 1:1 Meetings: Why you need them and how to do them well
 
Introduction to C Programming Language
Introduction to C Programming LanguageIntroduction to C Programming Language
Introduction to C Programming Language
 
The Pixar Way: 37 Quotes on Developing and Maintaining a Creative Company (fr...
The Pixar Way: 37 Quotes on Developing and Maintaining a Creative Company (fr...The Pixar Way: 37 Quotes on Developing and Maintaining a Creative Company (fr...
The Pixar Way: 37 Quotes on Developing and Maintaining a Creative Company (fr...
 

The 4Ws and 1H of Mobile Privacy

  • 1. A DIGITAL LIFE E-GUIDE The 4Ws and 1H of Mobile Privacy
  • 3. You’ve been tinkering with your new gadget for a few good days, sending email, downloading apps, browsing Facebook and whatnot, when all of a sudden, one of those pesky pop-ups indiscreetly hogs your screen. It’s another product page that’s not in any way related to what you’re currently doing on your device. But you do remember seeing that page before. Perhaps it’s because you just searched for it earlier, yet why does it suddenly feel like it’s searched for you instead? That’s just one example of how your privacy is breached even while using mobile devices. What do you do to protect your privacy from mobile threats like this?
  • 4. Who? You and your right to mobile privacy
  • 5. The United Nations recognizes everyone’s inherent right to privacy.1 This right is violated every time someone tries to access your personal information, in any form or platform, without lawful reason or your consent. If a friend, for example, borrows your smartphone to spy on your Facebook account, he or she disregards your right to privacy. Cybercriminals are notorious violators of mobile privacy. They create malicious apps such as data stealers, which target your personal and financial information. Free, high-risk apps also pose a number of privacy issues with the amount and type of information they collect. For instance, some of Germany’s top Android apps can possibly expose your location, equipment identity, and address book.2 1 http://www.un.org/en/documents/udhr/index.shtml#a12 2 http://blog.trendmicro.com/trendlabs-security-intelligence/do-you- know-what-data-your-mobile-app-discloses/
  • 6. What? Key areas to look over Your Device’s Connectivity Features Your device’s connectivity features are viable ways for cybercriminals to get information from you. These features are seen as locked doors they have to pick to get in. Such is the case of Bluetooth and wireless connections, both are intended to make communication easier but they can also be used for malicious reasons. Cybercriminals have accomplished this on Mac desktops using the INQTANA worm, which is able to send malicious files to available Bluetooth devices that accept them. The worm opens computers to further malicious routines, like malware dropping and information theft. More manufacturers are incorporating near field communication (NFC) standards on devices as well. This technology allows you to share content, make payments, or perform other external transactions with a tap on a scanner. As convenient as it may sound, this can also be a point of entry for malicious routines.3 3 http://blog.trendmicro.com/trendlabs-security-intelligence/good-nfc-habits/
  • 7. Your Device Settings Default device settings can be seen as strongly- worded suggestions that you can further optimize for added protection. This means, you are allowed to change your mobile device’s security settings to make sure no one has easy access to it. Your Mobile Behavior Having mobile devices can make you surf online more frequently, but does it change your behavior when it comes to security? Remember that you become more vulnerable to mobile threats as you immerse yourself in mobile activities like social networking, shopping, and banking. Oversharing, not checking app permissions, and clicking on malicious links are ways to invite cybercriminals. When it comes to app usage, you have mobile adware to consider. Although most advertising networks are perfectly legitimate, some are known to collect personal information and push ads as notifications, often without user consent.4 At least 7,000 free apps using aggressive advertising modules were downloaded over a million times as of October 2012. 4 http://about-threats.trendmicro.com/us/mobilehub/mobilereview/rpt_ mothly_mobile_review_201209_the_growing_problem_of_mobile_ad- ware.pdf
  • 8. How? “Privacy in peril” scenarios Free Apps Who doesn’t love free stuff? There are thousands of free apps from legitimate and third-party app providers you can choose from. But downloading free apps often has a trade-off: free service for your personal information.5 Surprisingly, a majority of consumers (73%) are willing to trade personal information if they get something in return, like free mobile service. Remember that even the smallest bit information you give, like an address or a birthday, is all that cybercriminals need to take advantage of you. Device Loss or Theft In a survey done in September 2012, nearly one in three cellphone owners lost their device or had it stolen from them.6 Even if you try to guard your apps and device settings, when you lose your phone, the information it has can still put you in a sticky situation. This is more so because of an existing lucrative market for stolen devices and the information they contain.7 5 http://www.pwc.com/sg/en/tice/assets/ticenews201208/consumerintelli- gence201208.pdf 6 http://online.wsj.com/article/SB10001424052702303815404577334152199453 024.html 7 http://online.wsj.com/article/SB10001424052702303815404577334152199453 024.html
  • 9. Ever-Changing End-User License Agreements (EULAs) You’ve seen it before, those online services asking you to agree that they can change their EULAs at any time, with or without notice. Home movie provider, Blockbuster.com, was rejected in court for using the said line to their privacy policy.8 However, this doesn’t seem to stop popular services from applying caveats on EULAs that are detrimental to user privacy.9 By not reading EULAs, you may already be allowing developers to sell your photos, track your web activities, or hand over personal information to authorities. Bring Your Own Device (BYOD) Three in four companies allow employees to use their personal devices such as laptops, netbooks, smartphones, and tablets for work-related activities.10 As the BYOD trend continues, cybercriminals will use it as a motivation to get past your defenses to access both your personal and work information. It’s not just cybercriminals, though. Your company’s IT department can use a set of protocols that do not differentiate personal from work-related data, allowing them access to your information. Your device can also be used as evidence in court. You can be obliged to submit the device for review, with all information intact, even if only work-related information is pertinent to the case.11 8 http://www.jdsupra.com/post/documentViewer.aspx?fid=3897327d-161d-49df-b31c- 0b448bb1898a 9 http://business.time.com/2012/08/28/7-surprising-things-lurking-in-online-terms- of-service-agreements/ 10 http://www.trendmicro.com/cloud-content/us/pdfs/business/white-papers/wp_decisive- analytics-consumerization-surveys.pdf 11 http://consumerization.trendmicro.com/consumerization-byod-privacy-personal-data- loss-and-device-seizure/
  • 11. Cybercrime is driven by one agenda: money. Your mobile devices are simply a means to an end for cybercriminals. They gain by stealing the information stored on your smartphones and tablets and then finding ways use them for profit. And just like your data, your reputation is also at stake every time a cybercriminal gets hold of incriminating information against you or the organizations you represent. There are malware, like the SMS spy tool for Android, that steal private SMS messages and uploads them to a remote server. What you stand to lose in the case of a mobile privacy breach really depends on how you use your device.12 12 http://about-threats.trendmicro.com/RelatedThreats.aspx?language=de&nam e=PIXSTEAL+and+PASSTEAL+Sport+New+Ways+To+Steal+Data
  • 12. Mobile privacy breaches may appear to be easy for cybercriminals, considering the problem areas discussed. However, there are still stops you can pull to prevent being victim to such scenarios. Follow this General Checklist: □□ Control how much information your device shares by changing its privacy and browser settings. Here you can tweak settings on location and network sharing. □□ Activate screen locks, and change your passwords every three months to minimize chances of hacking. □□ Remove compromising photos, videos, and files that you’re not comfortable with from your device. □□ Regularly clear your mobile browser cache to escape data leakage in case a malware tries to sniff your device for information. □□ Monitor your app and account settings, to make sure sharing and connectivity are secure. □□ Adjust your device’s data encryption and configure your passwords. What now? Reinforce your privacy
  • 13. Pay Attention to Apps •  Remove apps not in use. •  Select which apps really need location or address book access. •  Use your mobile browsers’ or browser apps’ private browsing settings, especially for sensitive banking transactions. Prepare for Device Loss or Theft •  Take note of your account credentials or use a convenient password manager in case you need to reset them because of device loss or theft. •  Backup files in the cloud. Trend Micro™ Mobile Backup and Restore automatically stores the irreplaceable information from your device without wasting its battery life. •  Prepare to contact the authorities, your service provider, and any concerned organization to avoid the malicious use of your identity and to block bill charges. •  Enroll your devices to a remote service that allows you to find, lock, or wipe them. Trend Micro™ Mobile Security Personal Edition does these and prevents uninstallation without your password. Ask these about BYOD Agreements •  Are you required to produce personal devices for forensic analysis? •  Does this apply to devices shared with other family members? •  Who will get access to the personal information stored in your device? •  Can your company track your location? Under what circumstances can this happen? Are you required to let them? Do they notify you if they do this? •  Are these systems active outside regular work hours? •  Are your personal online activity monitored and logged? •  Is this information retained when you leave your organization?
  • 14. ©2013 by Trend Micro, Incorporated. All rights reserved. Trend Micro and the Trend Micro t-ball logo are trademarks or registered trademarks of Trend Micro, Incorporated. All other product or company names may be trademarks or registered trademarks of their owners. TRENDLABSSM TrendLabs is a multinational research, development, and support center with an extensive regional presence committed to 24 x 7 threat surveillance, attack prevention, and timely and seamless solutions delivery. With more than 1,000 threat experts and support engineers deployed round-the-clock in labs located around the globe, TrendLabs enables Trend Micro to continuously monitor the threat landscape across the globe; deliver real-time data to detect, to preempt, and to eliminate threats; research on and analyze technologies to combat new threats; respond in real time to targeted threats; and help customers worldwide minimize damage, reduce costs, and ensure business continuity. TREND MICRO™ Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cloud security leader, creates a world safe for exchanging digital information with its Internet content security and threat management solutions for businesses and consumers. A pioneer in server security with over 20 years’ experience, we deliver top-ranked client, server and cloud-based security that fits our customers’ and partners’ needs, stops new threats faster, and protects data in physical, virtualized and cloud environments. Powered by the industry-leading Trend Micro™ Smart Protection Network™ cloud computing security infrastructure, our products and services stop threats where they emerge— from the Internet. They are supported by 1,000+ threat intelligence experts around the globe.