11 rules to improve mobile security
Mobile devices have inundated our lives. Smartphones, tablets, phablets, wearables, the list of mobiles and their variants is endless. People have stopped talking and started dat(a)ing in a big way. Communication through smart devices has clearly overwhelmed us like never before. People are buying, paying and living through their mobiles. Love and relationships can be activated through a single app.
We have reached a state where people use more than a single smart device at a time. As long as the smart-ness of smartphones was confined to individuals, the corporate world could afford to remain a silent bystander, but no longer. BYOD, or Bring Your Own Device, is the new norm and not a single business can avoid the challenges which come with mobility in management.
Mobile Overview
The mobile landscape is diverse, but all mobile devices have one thing in common -- each one of them can be hacked. You are in danger of exposing your sensitive personal data, like bank particulars, which can compromise not only your account but also put thousands and millions of accounts in jeopardy.
The dangers of using a smartphone go way beyond your pocket. Hackers can steal your personal data, like passwords which give access to your personal life, photographs, texts, chats, love life, heart rate and even your bedroom secrets. When people are told about the dangers, they usually shrug their shoulders and claim with a prim comment that these things happen to others, not to them.
Unfortunately, it’s a question of time before tragedy visits through their mobile and then it’s too late. You don’t really need technology to break into a mobile. Losing a mobile is easily accomplished -- many thousands do it routinely. They become easy targets for data thieves who don’t even have to steal anything.
Earlier, it was impossible to lug around a desktop computer and the chances of misplacing, losing and forgetting it in a movie hall were nil. Mobiles can and do go with you everywhere, and so they become easier to misplace. Your data is a sitting duck for those who are looking for such an opportunity.
To add to your woes, you keep all your sensitive data, personal and official, right inside your smartphone, unlike in the past when information concerning your office resided exclusively on your official desktop. Mobile security must therefore be given top priority by you.
Why Not Use a Safe Mobile?
The mobile security environment is quite fluid -- a perfectly safe smartphone today may become a terribly unsafe one tomorrow. Hackers are having a field day trying to break into the safest mobiles. Everyone has heard of the Apple iPhone saga concerning the FBI. It has been widely reported that the top-notch investigative agency had to pay a cool million to an unknown private entity to pry open the San Bernardino iPhone.
The identity of the contractor is a closely held secret. The cloak-and-dagger game goes to highlight that even invincible mobile machines can be compromised by run-of-the-mill hackers. However, the general opinion was that Apple iPhones are safe from intrusion. But the situation soon changed with the release of iOS 9.3.5.
The operating system was pried open to enable snooping into the data. Apple in response released a security patch in August 2016. Can anyone guarantee a perfectly safe smartphone in this scenario? Most unlikely. The situation with other mobile manufacturers and operating system providers is no better or even worse.
There are breaches galore in Android-based mobiles. There are many reasons why an Android phone is a better candidate than an iPhone for hacking. The first major reported bug in Android-based smartphones happened in Android 4.4. This bug or vulnerability has continued to bug this operating system ever since.
Google has smugly announced that it is looking into the matter, while billions of users are at risk of getting infected with malicious code. Some reports claim that Blackberry phones are the safest, but how many users does it have anyway? Hackers don’t want to waste their time hacking into phones which have no impact. The fun in the hacking game is to disrupt communication and compromise data in a big way.
Compromising a Blackberry would not give that kind of vicarious pleasure. The same logic applies to Microsoft's mobile operating system. There will certainly be more attempts at intrusion if the Windows Phone or Windows 10 Mobile operating system becomes more popular.
Ways to Compromise Mobile Security
From our discussion it seems that we are all sitting ducks for hackers and there is no way we can escape the mobile karma. Security can and will be compromised and there is no point running away from this truth. Fortunately, there are many ways to escape this morbid fate and manage to work with a secure mobile environment. To understand the escape routes, we must first grasp how smartphones get compromised in the first place.
The first and most important factor in mobile security is to safeguard them physically. It comes as no surprise when research suggests that most mobiles are compromised because of loss or theft. It’s quite easy to forget a mobile as compared to misplacing your desktop. Hackers can play mischief with your data and your bank balance if they get hold of your mobile.
From an organization's point of view, a lost mobile can lead to irretrievable loss of official data, which can be used to completely ruin it. Therefore, physical security must be emphasized when dealing with mobile users. The second issue is concerned with the original sin -- greed. Mobile users don’t want to pay for apps but want them free.
There are hackers who can hijack a mobile by inserting malicious software through apps. iPhone users are protected to a certain extent from this malice. Their apps can only be downloaded from Apple's App Store and third-party apps are prohibited. This does not stop abusers from jailbreaking the iPhone.
Users want to play with fire by going out of their way to compromise security. They save a few dollars without realizing that they are probably giving away millions in the form of breach in security. As far as Google is concerned, it has a laissez-faire attitude. Users can do as they wish and download apps from wherever they want. This puts the entire Android network in the vulnerable zone.
Not many Android users download apps from the official Google Play store. The risks involved in Android phones are comparatively higher than iOS. Security risk in using mobiles is greater than that from desktops because of the size. In fact, size matters when it comes to security.
Smaller memory means you can store a limited number of apps in your mobile. When you consider that mobile users want to cram everything -- from social media to office applications into a single mobile, there is very little space left for installing security apps. Moreover, security apps slow down mobiles. Imagine what would happen if users don’t get their dose of social media dope every minute?
They would go absolutely crazy and suffer from severe withdrawal symptoms. The lack of memory also means that mobile users won’t update their operating systems with security patches. This is like inviting hackers to visit your home for weekend lunch. A lot can happen in this time.
Security agencies find new and novel ways to protect mobile users from hackers waiting to set up unwary surfers. Social engineering is the new buzzword in security circles. The latest in this saga is the access to sensitive data of no less than the CBI director himself.
If you think that all security breaches are managed by mature and serious professionals, you are in for a very rude shock. It turns out that the guy who stole sensitive information of India's CBI director was a young teen who knew his way around the internet. The teenager used common techniques used by conmen to do what he did. He simply asked for information from the mobile service provider posing as the director himself.
You can decide for yourself whether to cry or laugh. Mobiles are used mainly to connect to social media sites, which have therefore become a hotbed of activity for hackers. Surprisingly, a lot of data is waiting to be hijacked from your Facebook account and other similar sites. Safe surfing is the only way you can avoid a tragedy.
The Ten Commandments -- Plus One -- For Mobile Security
Eternal vigilance is the price you pay for liberty. Let’s look at some measures which can be taken to protect yourself from mobile security breaches. The ten commandments plus one of mobile security are:
- Never lose sight of your mobile -- even while visiting the loo -- especially while visiting the loo.
- Never hand over your mobile to a stranger. There are situations which demand that you ask someone to take care of your mobile. Negligence is a common human trait. Corporates must have a process in place to tackle and manage lost devices.
- Protect your mobile with a password. Okay, so you had to hand over your mobile to an unknown person! The password will give you protection for a few minutes. Everyone forgets to pick up his or her mobile from the bar after having a tipple. The person who finds it will have to first break your password. Mobiles now have fingerprint detection and protection. By setting your password with a timer, say for a minute, you can save yourself a few blushes.
- Data encryption is an old but most effective way to protect your data. Don’t think that a few photographs and personal chat are useless information. Cybercriminals know how to extract valuable information from what you consider as junk.
- Most mobiles can be set up for a remote wipe. You can wipe out the entire data from your mobile in case it gets lost or is stolen. There are many instances where owners wait a bit too long hoping that they will retrieve their mobile. Never get too attached to your mobile or the data. Your love for your mobile can be dangerous. Don’t wait for hackers to do their nefarious work. You must be strong and ruthless when pulling the trigger. Kill the data with a remote wipe and you will live to see another mobile.
- Another old trick is to back up your data regularly. If you do so, you will not regret wiping out the data in case of theft or loss. Make sure that you back up in a secure place. Sometimes mobile users back up their mobile data in such a secretive place that they are unable to recollect where they have stored it. This is not a laughing matter. You must make sure that the data is put in a secure but easily retrievable place.
- You must avoid the temptation of jailbreaking iPhones or rooting Android devices. You may save a few pennies but you can lose big time if malware is introduced by an app which you download for free. Businesses having a BYOD policy must have strict rules for downloading apps only from official sites. Monitoring app downloads must be a part of your cybersecurity policy. Free goodies are like the Trojan horse -- built to enter your security fortress.
- The cat and mouse game between mobile developers and cybercriminals is never ending. Operating systems have vulnerabilities which are discovered and exploited by hackers. Mobile operating system developers provide patches to counter cyber threats. Mobile users often ignore updating their software due to constraints like shortage of memory. Businesses must ensure that all users update their OS as and when security patches are made available.
- Public Wi-Fi is another source of attraction. Mobile users get carried away by the availability of free Wi-Fi. Hackers generally wait in these places to rob people of their data. Beware of using free Wi-Fi.
- You should never divulge information to unknown callers. Cyber criminals use social engineering in a big way to gather information. Never get carried away by nice girls offering themselves for free. Beware of lonely hearts looking for friendship online. These are dangerous places to go calling.
- You must protect your mobile with traditional anti-malware software. Much malicious software can be stopped from infecting your mobile with simple security software.
Conclusion
The use of mobiles is growing exponentially. There are both opportunities and threats in using mobiles for official purposes. Use of BYOD policies is unavoidable. The only way to prosper in a mobile environment is to be vigilant. Effective communication to employees is essential to ensure mobile security.
Santosh Varughese, president, Cognetyx.
Published under license from ITProPortal.com, a Future plc Publication. All rights reserved.
Photo Credit: SFIO CRACHO/Shutterstock