- 23 March 2011 09:04
AVG Study Reveals Alarming Complacency on Security Among Users of Mobile Devices
The study confirmed AVG’s concerns about consumers’ indifference to the many serious security risks associated with the storage and transmission of sensitive personal data on iPhone, Blackberry and Android devices.
Following are four of the most alarming:
• 89 percent of respondents were unaware that smartphone applications can transmit confidential payment information such as credit card details without the user’s knowledge or consent.
• 91 percent of respondents were unaware that financial applications for smartphones can be infected with specialised malware designed to steal credit card numbers and online banking credentials, yet nearly a third (29 percent) report already storing credit and debit card information on their devices and 35 percent report storing “confidential” work related documents as well.
• 56 percent of respondents did not know that failing to properly log off from a social network app could allow an imposter to post malicious details or change personal settings without their knowledge. Of those aware, 37 percent were unsure whether or not their profiles had already been manipulated.
• 28 percent of respondents were unaware that using their smartphone for business and pleasure puts confidential business information at risk. Of those who did know, 12 percent were unsure whether sensitive business data was already exposed.
Other Smartphone security dangers include geo-tracking based on location data embedded onto image files; the transmission of confidential payment information without the user’s knowledge or consent; and unauthorised (and often unnoticed) premium-service orders on the monthly bill.
Dr Larry Ponemon, chairman and founder of the Ponemon Institute, said, "The findings of this study signal what could be an overlooked security risk for organisations created by employees' use of smartphones. Because consumers in our study report that they often use smartphones interchangeably for business and personal, organisations should make sure their security policies include guidelines for the appropriate use of smartphones that are used for company purposes.
“We have increasing responsibility to educate consumers on the dangers lurking in mobile broadband and to help users take ownership of their mobile data security,” said J.R. Smith, CEO, AVG Technologies. “The mobile Internet does not have to be a risky environment, though the industry must work together to encourage users to take action by downloading low-cost or free anti-virus products specifically designed to protect mobile data.”
He concluded, “In the last month alone, we’ve seen high profile mobile security lapses with dozens of infected applications being removed from Google’s Android App Store, and such occurrences will only become more frequent without action from the industry and consumers alike.”
More than nine million Android user community members have installed AVG’s free mobile security application, ANTIVIRUSFree, on their handsets to date. Additionally, the company believes that this number will continue to grow as more consumers are made aware of mobile security risks and the simple steps that can be taken to prevent attacks from occurring.
AVG ANTIVIRUSFree enables users to scan, identify and remove viruses, check apps for malware before downloading from app stores and check website content, emails and SMS before downloading data or content. If a device protected with ANTIVIRUSFree is lost or stolen, it can be locked and wiped to protect valuable data, and located quickly using GPS functionality.
AVG (AU/NZ) has a comprehensive range of security tips on its web site at http://www.avg.com.au/resources/security-tips/. For video tips from AVG (AU/NZ), see http://www.youtube.com/user/avgaunz.
Keep in touch with AVG (AU/NZ)
• For breaking news, follow AVG (AU/NZ) on Twitter at www.twitter.com/avgau
• Join our Facebook community at www.facebook.com/avgaunz
### ENDS ###
About the Ponemon Institute
The Ponemon Institute© is dedicated to advancing responsible information and privacy management practices in business and government. To achieve this objective, the Institute conducts independent research, educates leaders from the private and public sectors, and verifies the privacy and data protection practices of organizations in a variety of industries.
About AVG (AU/NZ) Pty Ltd — www.avg.com.au
Based in Melbourne, AVG (AU/NZ) Pty Ltd distributes the AVG range of Anti-Virus and Internet Security products in Australia, New Zealand and the South Pacific. AVG software solutions provide real-time protection against the malware, viruses, spam, spyware, adware, worms, Trojans, phishing and exploits used by cyber-criminals, hackers, scammers and identity thieves. AVG protects everything important and personal inside computers — documents, account details and passwords, music, photos and more — all while allowing users to work, bank, shop and play games online in safety. AVG provides outstanding technical solutions and exceptional value for consumers, small to medium business and enterprise clients. AVG delivers real-time protection across desktop, and notebook PCs, plus file and e-mail servers in the home and at work in SMBs, corporations, government agencies and educational institutions.
Talk to Us
Lloyd Borrett AVG (AU/NZ) 03 9581 0807
Shuna Boyd BoydPR 02 9418 8100
AVG Technologies – Investor Relations Siobhan MacDermott E-mail: firstname.lastname@example.org US Mobile: +1 415 299 2945 CZ Mobile: +420 725 695 132
Media resources, including logos, box shots, screen shots etc., are available online at: http://www.avg.com.au/media
Join the AVG Community for information, video content and pictures: http://www.flickr.com/photos/officialavg/sets/
Sign up now »
Use Splunk to search, alert and report in real time on any user, network, system or application activity, configuration changes, and other IT data from one place.
Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).
- Have an incident response plan.
- Pre-define your incident response team
- Define your approach: watch and learn or contain and recover.
- Pre-distribute call cards.
- Forensic and incident response data capture.
- Get your users on-side.
- Know how to report crimes and engage law enforcement.
- Practice makes perfect.
I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.