Eight tips for more secure mobile shopping

With the holiday shopping season upon us, users who shop on mobile devices need to take the proper steps to protect themselves and sensitive corporate data.


Online shopping trends point to lots of people, particularly men, using their smartphones and tablets to buy holiday presents. Since some of that browsing and buying will occur at work, experts say companies would be wise to give employees the following eight tips to protect themselves and corporate data.


First up, the company's Wi-Fi network should be off limits for shopping. Administrators should block any device that is not authorized to access the network.

Most employees have their own data plans, so they can use their cellular provider's network to browse the web for bargains. That way, a malicious app on the phone won't have the opportunity to compromise the corporate network.

"It's not likely (to happen), but there is a risk," Ken Westin, security researcher at Tripwire, said Monday.

To prevent losing personal or business-related data, employees should avoid specialty apps from retailers and shop through their mobile browsers.

Apps are notorious for accessing more information on the phone than needed, such as contact lists. Symantec's latest Internet Security Threat Report rated information stealing as the top threat from mobile malware or overly aggressive ad networks.

When using the mobile browser, be sure the URL to the shopping site starts with "https," which indicates a secure connection with the site to protect important data, such as credit card numbers.

In addition, sensitive information, such as passwords, should not be stored in the browser. "Depending on the mobile browser, this information could be exposed for malicious purposes," Joe Schumacher, security consultant for Neohapsis, said.

Companies should remind employees to be wary of link-carrying text messages promising big deals on popular items. Clicking on the link to find the bargain can sometimes download malware or send the victim to a malicious website.

Apps promising huge discounts should also be avoided, and people should review carefully the permissions apps seek for accessing data and services on the smartphone. Denying unnecessary permissions "can reduce your risk of exposing mobile data to a malicious entity," Schumacher said.


Social media apps should also be watched closely, since scammers target such networks to embed malicious links. These apps present a particular risk, because they typically have broader access to data than other apps, Westin said. For example, social networks often tap into contact lists and photos.

Finally, employees should be advised to watch their phones more closely than usual and be cautious about using them in public. Thieves are looking for smartphones because of the resale value.

"It's like holding a $500 bill," Westin said. "(Employees) are more likely to have their phones stolen physically over the holidays."

This year, mobile sales on Thanksgiving and the day after, called Black Friday, accounted for nearly 26 percent and about 22 percent of total online sales, respectively, according to IBM's analysis of 800 U.S. retail websites. On both days, people spent significantly more with their mobile devices than a year ago.

That trend is expected to continue through the holiday shopping season. A survey of 1,400 consumers found that wealthier U.S. households are three times more likely than other respondents to shop with their mobile devices and seven times more likely to say there is no maximum price for items they would purchase, according to Tripwire, which released the study by Dimensional Research and OnePoll.

At the same time, 50 percent more men than women said the convenience of mobile shopping overrode security concerns. Men were also 50 percent more likely to shop with mobile devices.
