Surely you have seen in the news the news that the wealthy, famous athletes and artists have become the favorite target of phone hacking. In some cases, security experts cannot state the reality of hacking, as the post-mortem study of mobile devices is too limited to even be able to confirm that the device has been compromised and to reconstruct what has happened. happened exactly.
Managers absolutely must consider the security of their laptops. The last thing they want is to be personally embarrassed, or professionally compromised, or both due to a phone leak.
These have become a surprisingly easy and very profitable target for hackers. There was a time when companies supplied their executives with professional phones containing only professional applications. Nowadays, our phones can contain intellectual property memos as well as our favorite pieces of music.
The hackers started by looking for dirty photos and embarrassing texting. Since then, they’ve moved on to installing mobile malware, ransomware and identity theft in order to infiltrate corporate information systems and recover confidential information from the phones of CEOs, board members administration and political leaders.
Let’s be clear. For the most part, your company’s most sensitive data is at risk because you access it regularly from your mobile phone. And hackers know it. We must take this into account and take the necessary measures to boost our cyber defense.
Mobile security threats evolve
When we use our laptop for professional tasks, we are increasing the attack surface of cyber threats. It is important to take this into account, as many companies
not only do not fully understand the threats hanging over these devices, but also lack the experienced personnel to deal with them with tools other than basic managers.
There are two major challenges related to threats on laptops:
– The wolf disguised as a lamb. The number of apps we can use on our phone is exploding. Apple and Google are doing a great job of securing their operating systems, but the security of third-party applications remains a concern. We have added many features to our phones, many of which have made it easier for cybercriminals to access our business contacts and their phone numbers. Criminals infiltrate our phones through fraudulent apps that suddenly find themselves having a second life or through vulnerabilities in common apps like WhatsApp. It’s not difficult for them to install professional malware for jailbreaking, spying, ransomware, or data infiltration.
– No place to hide. I’ll spare you the technical details, but keep in mind that mobile networks rely on vulnerable roaming protocols like SS7 or Diameter, which are easy targets for computer threats. Just having access to your phone number allows a hacker with minimal investment to locate you easily … or even take control of your incoming calls, texts or WhatsApp messages. These attack methods are not new, they are used for both professional espionage and large-scale online banking fraud. This is also the reason why banks no longer consider SMS as a reliable two-factor authentication method. All things considered, it is very difficult to protect yourself against this localization or against these remote handling attacks.
Good news, mobile cybersecurity is not as bad as the press seems to say. Current notebooks at the device level have solid security architectures. The ecosystem of the most popular phones – Apple’s iPhone and Google’s Android model – is highly secure, with hardware-based security and a good approach to isolation. And, unlike other “software exploits”, exploits to compromise a cell phone without your help would cost attackers millions. A hacker has to make a huge investment if he wants to compromise your phone to exfiltrate the data. However, are you going to take the risk of exposing your company’s most sensitive data with an overly light approach to security? Of course not.
What you can do now
There are three major steps that business leaders and public figures can and should take now to strengthen and toughen the security of their phones.
1 – Good safety hygiene. We are all busy with our work and making sure our cell phones and apps are up to date may not be a priority. But, if you use your phone a lot professionally, you need to be sure. In addition, antivirus for phones are just myths. Compared to our computers, an antivirus on a mobile phone will very often not be able to protect it against malicious applications. The reason is that the hardware architecture of the phone forces each application to be isolated from the others. However, there is a security check that is often overlooked on phones: network security. Rather than circulating everything on the Internet without care, you can use a secure VPN or a SASE (Secure Access Service Edge) solution. Such a solution will block sending to malicious sites or attempts to extract data.
2 – Good application hygiene. Any application on your phone can expose your data and act as a bridge to compromise your device. White and black application lists have become good practice rules for RSSIs and you should do the same on your home phone. For example, do you really need these five messaging apps? Do you automatically download content through your social apps? Do your children and grandchildren use your phones and download games?
3 – Good hygiene of confidentiality. I know it sounds like the lesson your parents taught you a long time ago, but still. Do not give your personal information, especially your phone number, to strangers. Knowing your number is enough for cybercriminals to locate you, physically and electronically, anywhere in the world. And remember that your colleagues, suppliers and customers save your number and other details of your contacts on their phones as well. This data can be easily retrieved by malicious applications installed in their phones to expose your number.
The more you use your phone for business, the more you are driving attacks on your company, its applications, its databases, and its data. It’s the same as leaving your house or factory door wide open and giving strangers a badge to access your mainframe and robotic equipment. It can only end badly.
As a manager, you should personally apply these best practices and ensure the deployment and implementation of effective mobile security procedures for all employees. You are in a unique position of strength to send the right message to your colleagues and employees. Your phone is just as much a computer as any workstation, laptop or server. Protect it just as much.