December 03, 2013 — CSO — Online shopping trends point to lots of people, particularly men, using their smartphones and tablets to buy holiday presents. Since some of that browsing and buying will occur at work, experts say companies would be wise to give employees the following eight tips to protect themselves and corporate data.
First up, the company's Wi-Fi network should be off limits for shopping. Administrators should block any device that is not authorized to access the network.
Most employees have their own data plans, so they can use their cellular provider's network to browse the web for bargains. That way, a malicious app on the phone won't have the opportunity to compromise the corporate network.
"It's not likely (to happen), but there is a risk," Ken Westin, security researcher at Tripwire, said Monday.
To prevent losing personal or business-related data, employees should avoid specialty apps from retailers and shop through their mobile browsers.
Apps are notorious for accessing more information on the phone than needed, such as contact lists. Symantec's latest Internet Security Threat Report rated information stealing as the top threat from mobile malware or overly aggressive ad networks.
When using the mobile browser, be sure the URL to the shopping site starts with "https," which indicates a secure connection with the site to protect important data, such as credit card numbers.
In addition, sensitive information, such as passwords, should not be stored in the browser. "Depending on the mobile browser, this information could be exposed for malicious purposes," Joe Schumacher, security consultant for Neohapsis, said.
Companies should remind employees to be wary of link-carrying text messages promising big deals on popular items. Clicking on the link to find the bargain can sometimes download malware or send the victim to a malicious website.
Apps promising huge discounts should also be avoided, and people should carefully review the permissions apps seek for accessing data and services on the smartphone. Denying unnecessary permissions "can reduce your risk of exposing mobile data to a malicious entity," Schumacher said.
Social media apps should also be watched closely, since scammers target such networks to embed malicious links. These apps present a particular risk, because they typically have broader access to data than other apps, Westin said. For example, social networks often tap into contact lists and photos.
Finally, employees should be advised to watch their phones more closely than usual and be cautious about using them in public. Thieves are looking for smartphones because of their resale value.