Mobile Security

Mobile Security

While anyone has access the internet, anyone on the internet can now have access to you. Personal as well as professional data is now stored on our mobile devices and the growth in digital forensics and sophistication of data theft means that the ability to harvest the geodata, emails, notes, photos, financial information and other sensitive information from our tablets, mobiles and notepads is more common than ever.

Mobile attacks usually happen when we are attempting to access our device through an unfamiliar network. For instance – imagine you’ve just landed late into the airport, you are keen to get to your meeting as soon as possible and need to get access to the photographs you took of the whiteboard notes from your last session. As a regular flyer, you visit the nearest coffee shop where your phone reconnects to the Wi-Fi. You access your company’s secure network and download a copy of the pictures along with additional financial material to review in the train afterward. Unfortunately, an individual has set up a twin of the Wi-Fi access point and disabled the original. This means that your phone connects automatically and the individual can review your sensitive information. In a worst-case scenario, malicious software can be embedded in your handset which is then returned to your office, linked to your in-house Wi-Fi and spreads to infect other devices on the network.

When dealing with mobile connection security, there are a few ways in which you can be caught out:
  • SMS/MMS:This is less common today, as we text less and message more, but it does still happen. A simple text message can be sent using a character string that can actually disable your device. In fact, 2015 saw the iPhone disabled with a short text string. This sort of malware can be spread rapidly from phonebook to phonebook resulting in a ‘Denial of Service’ attack or harvesting user data before passing it on to the next recipient.
  • Bluetooth:‘Bluesnarfing’ and ‘Bluebugging’ allows shady characters to access a phone and download its data. Once accessed, the user can then covertly pair it with another device and re-access data whenever they like.
  • Physical Access:Even an unsupervised phone can be quickly broken into and tampered with. A multitude of guides are freely available online, and a recent episode of the popular TV show “Mr. Robot” infamously showed how easy it was to clone a phone in real time.
In order to avoid these issues in your organisation, just take these four easy steps:

a) Every device needs to have anti-malware software Ensure that any mobile devices being used have up-to-date malware software and that regular scans take place.

b) Prevent unauthorised 3rdparty software from being added Many games or apps allow access to the key data on the device. If the application is compromised, that harvested information is instantly made available to other users and compromises your security measures no matter how rigorous they are.

c) Choose ‘secure’ devices Make sure that any mobile devices being used are all agreed within your organisation and check their security against sites such as staysafeonline.

d) Regularly test the integrity of your security Once your security measures are in place, make sure they are regularly tested using penetration testing and ensure that all security software is up to date.

Be prepared: As an industry, mobile security is moving from strength to strength given the proliferation of handset types, data-sharing options and the sheer reliance that organisations have on mobile technology in a global marketplace. With cloud based solutions and the rise of software as a service, integrating mobile security for clients accessing your product is also increasingly important. Here are a few ways in which you can be prepared for any mobile security breaches:

Secure backups: Manufacturers such as Apple regularly upload key information to the cloud. Do not store anything on your phone that you would not want to see leaked.

Phone locking/security: Make sure that your security is up to date. When in a public place always ensure that your Bluetooth is not turned on unless absolutely necessary to prevent intrusion attempts.

What’s held on the phone: Make sure that no sensitive information is held on your phone and if it is, ensure that it is cleared from the device as soon as possible. Additional security ca be provided by using apps such as Bitdefender, 360 security or ESET.

Read more about mobile security trends in this section.