The spy in an executive's pocket: the cellphone

Every cellphone and tablet user in business needs to be highly aware, says Ryan van de Coolwijk, Cyber Insurance Product Manager at Hollard Broker Markets.

By Ryan van de Coolwijk, cyber product manager and specialist
Johannesburg, 12 Dec 2016

Cellphones and tablets can now easily be controlled remotely, allowing an attacker to listen in on confidential meetings, steal confidential messages and photos, and even send destructive messages to clients from your phone.

While not much thought was given in the past to the value of the data on mobile phones and tablets, developing technology now makes protecting them from hackers and spies as vital as protecting corporate IT and computing systems.

"Every cellphone and tablet user in business needs to be highly aware," says Ryan van de Coolwijk, Cyber Insurance Product Manager at Hollard Broker Markets. "In this case paranoia is necessary and highly recommended!"

* What data do you store on your phone?
* How sensitive are your messages and calls?
* What precautions will you take during the coming holidays?
* Consider the implications if your mobile data were compromised or your communications wiretapped.
* How secure do you think your phone is? You would probably be surprised!
* Do you know how to - and DO you - protect your mobile devices?

Mobiles have changed

The background of the capability, powers and multiple uses of mobiles is now virtually beyond the understanding of non-professionals. "The threat landscape to mobiles is booming; accelerated by easy access to online services, multitudes of new apps and the wide adoption of mobile computing. Cyber criminals and hackers are among those wondering, 'Why attack a company network with its challenging firewalls when I can target the phones of key individuals?'

"Now, more than ever, people are using their mobile devices for online shopping, banking, social media and working on the go. With this expanding use vulnerabilities multiply," says Van de Coolwijk.

He explains that potential and increasingly sophisticated threats include, among many: vulnerabilities in the operating system of the device itself; malicious software (malware) including apps and rogue WiFi access points; ransomware; bank fraud and other tools.

RATS switch from cheese

There was a time when rats were drawn to cheese. "Now their favourite meal is buried in your devices. RATs - Remote Access Tools - target mobiles and they are easily purchased online, allowing hackers to take control of your device," warns Van de Coolwijk.

"Even those who want to spy on an ex can get an app! It is mind-boggling and scary in ordinary life. Imagine the competitive danger to people in business. Phone RATs can be used to remotely and secretly turn on your speaker and record conversations happening in a confidential meeting or boardroom. RATs can take photos, steal sensitive data, access your stored photos or graphics, track your location, make unauthorised calls and send emails. RATs can even launch attacks against other systems or your clients and contacts impersonating you! The level of sophistication of some RAT creations puts many commercial software applications to shame with polished tutorials, guarantees, pricing models and easy-to-use payment systems. This is a thriving industry where customer service is paramount."

Mobile device ransomware is also on the rise. This locks you out of your device until a fee is paid.

How can companies elevate protection?

Vendors have released enterprise mobility management (EMM) platform solutions to help companies increase security and defend against the risks posed by mobile devices accessing and/or using company resources. Functionality typically includes:

* Anti-malware.
* App scanning (protection from potentially unwanted and low reputation apps).
* Web filtering (protection from malicious websites and blocking of web pages by category).
* Encryption with separate secure data containers to keep personal and company data separated.
* The ability to centrally manage anti-theft and loss prevention like remote wipe, lock, reset, and locate.
* Central dashboard management to manage all mobile devices.

EMM solutions can help companies enforce compliance policies, control installing of apps, analyse apps for malicious behaviour and even automatically quarantine a compromised device.

Mobile security should be considered before even adding a device to the network, including passcodes, encryption and remote wipe capabilities. Listings of apps that can be installed, acceptable app reputation ratings and other defences can then help provide protection against threats from browsing or receiving emails.

How can individuals elevate protection?

From an individual perspective there are a number of mobile device management (MDM) solutions that can be used, some of which are free. Much of the functionality for such solutions would be similar to that of EMM platform solutions but geared towards individuals.

Ten tips to strengthen individual protection:

1. Keep your software updated: Set up your phone to automatically check for updates and apply these ASAP. Updates often include patches to known vulnerabilities and other security improvements.
2. Use a secure lock screen: Use a password to access your phone. Fingerprint scanning can also be used. Consider enabling the setting that automatically wipes the phone after an incorrect passcode is entered 10 times.
3. Be cautious when it comes to apps: Use only official app stores, which are generally good at removing malicious apps when discovered. This is a great deal safer than getting apps from unknown or unproved sources. While not technically malicious, some apps disclose more personal information than required. For this reason, be mindful of an app's security and privacy requirements and reputation score.
4. Ensure encryption is enabled: This encrypts all the data on the phone and requires the decryption key to gain access to the data.
5. Always have remote tracking, wipe and/or locking capability: Many phones are lost or stolen. So, having the ability to track, wipe and/or lock the phone can save many headaches by wiping sensitive data from lost or stolen devices.
6. Use security software: Security solutions incorporating anti-malware, app-scanning and Web-filtering can help protect against new threats.
7. Never use untrusted WiFi connections: Not all WiFi connections can be trusted. Make sure you know and trust the networks you are connecting to.
8. Be paranoid: Look out for social engineering attacks. If something seems too good to be true, it probably is. Think before you click; this goes for e-mails, SMS and all social media messages.
9. Backup: Keep your backup up to date to avoid the pain of having to recapture all your contacts should your phone be stolen or locked by ransomware.
10. Safe disposal: At the very least, wipe your old phone before putting it in a cupboard, selling it or giving it away. If the mobile device holds company information, discuss device disposal issues with the data owner and company IT specialist.

Make sure the corporate spy is not in your pocket, says Van de Coolwijk.

Queries to Susan Ford, 083 266 2727, susanford@yebo.co.za

Editorial contacts

Ryan van de Coolwijk
ITOO
(+27) 83 794 4332
ryanv@itoo.co.za