Mobile Security

The majority of attacks on mobile devices focused on human exploitation, as found in the Proofpoint Human Factor Report.

Basically, various messages, mainly emails, were sent with malicious attachments or links that relied on human actions or responses to initiate the breach, rather than technically infiltrating a system directly. This being the case, increasing your knowledge and awareness is going to be the best preventative action you can take to safeguarding your information.

Mobile device attacks are an increasing problem as hackers begin to target mobile devices over desktop computers. For most working people, your entire life is on your phone. Not only limited to financial data, but your professional information and your day to day life events. Because of this, attackers choose to attack mobile devices more than any other. “We see all major mobile OSs being impacted, from Android, Apple iOS, Windows phone via BlackBerry to Symbian, with the ultimate aim being persistent remote control of the end user’s device.” – Simon Mullis, global technical lead at FireEye

Below are some of the best practices for ensuring the security of your data on your mobile device.

Physical Security & User Authentication

The first line of defense of a technical device is the physical security of the hardware. Device loss and theft constitutes most common “breach” of mobile devices. For example, a trusted employee leaving a phone exposed on a bus and it gets grabbed in an instant. User authentication protocols and password protection help limit the risks and dangers of a lost device. Enabling data wiping for repeated false attempts to access and even a remote wiping capability is recommended, and naturally so is regular backing up of your data to reduce loss. In short, don’t get lazy or complacent; ensure you use strong passwords and other user authentications to protect your device from simple intrusion.

Do not Jailbreak/Root Your Device

While jailbreaking your device can enable you to use almost anything you want, including unverified apps, many of said apps have security vulnerabilities. In fact, the number one indicator of your phone being compromised is the status of the OS and if it has been jailbroken. Additionally, the overwhelming majority of technical attacks on Apple’s iOS only affect jailbroken devices. In other words, avoid the urge to customize your device beyond what the designers intended; don’t overwind your toys.

Use a Mobile Security Application to Reveal the Status of Your Device

A properly researched and reputable mobile security app, such as NowSecure Protect, should extend the built-in security features of the device’s operating system and mainly provide insight to the user as to the status of said OS. Legitimate security software providers such as Norton, Qihoo, Symantec and NowSecure offer mobile security apps for most devices.

Update Your OS Regularly to Get the Latest Security Patches

Although it may get tedious, update your OS and Apps whenever available to ensure any gaps in security are plugged by the newest updates. Along with software updates and added features, security updates are a primary reason for such updates, take advantage of these to resolve emerging threats and limit exposures.

Avoid Unknown Networks and Reduce Connectivity

A very effective and simple way to minimize potential access by hackers is by limiting the amount of time you have with open connectivity, such as what is offered when you have your Wi-Fi or Bluetooth enabled. While this is a very technical and difficult approach, the ease in reducing this risk is worth it.

The other danger is rogue Wi-Fi networks which may be hackers intending to lure people in by logging on at public locations. The SSID (the name of the network) is easily cloned to read “Airport WiFi” or something else seemingly harmless, but don’t be fooled and only connect to known networks. Also, consider using encryption if any sensitive data is stored on the phone as well as for data in transit with more secure technologies, such as a Virtual Private Network (VPN). (Setting up a VPN for iPhone – Setting up a VPN for Android)

Be Careful Not to Fall for Phishing Schemes

Avoid potential phishing scams, virus schemes and malware threats by not clicking on unknown or unrequested links. Do not open e-mail attachments from ANY source that you have not identified or asked for attachments from. Additionally, verify the source of the attachment and do not trust the name as masquerading as an associate or legitimate company is easy and common.

Carefully Select Which Apps you Download

Mobile device users willingly downloaded over 2 billion mobile apps in 2015 that stole their personal information and corrupted their device. Malicious apps can be disguised as social media apps or mobile entertainment apps to trick users into choosing this version and infecting their own systems willfully. Ensure the app you choose to download is the legitimate version, from a legitimate provider.

In a recent study by NowSecure, 24.7 percent of mobile apps include at least one high-risk security flaw, the average device connects to 160 unique IP addresses every day, 35 percent of communications sent by mobile devices are unencrypted, business apps are three times more likely to leak login credentials than the average app, and games are one-and-a-half times more likely to include a high risk vulnerability than the average app.

Use Strong Passwords and use a Password Protector

Passwords and pin codes are not the best way to secure data by any means, but that is no reason to make it easy for attackers by using pin codes like ‘1234’ or passwords like ‘password.’ Simple things you can do go a long way, like using a password creator and storage stool. Passwords should also be changed regularly. A very simple password technique for both creating a strong password and ensuring this change is this: identify a date 30-90 days in advance, creating a password from the dates combination, such as May31@)!^ (the month of May with a capital letter, the day in numbers and the year in special characters) with this method, you have a strong password that encourages you to update it when that date comes around, and alternate how you order and type in the month, day and year.

Mobile Security
By: Joseph M LaSorsa

Joseph M LaSorsa is currently employed as a senior partner managing and conducting: Protective Operations Training Courses, Executive Protection & Bodyguard Services, Risk Management Consultations & Seminars, Workplace Violence Prevention Seminars & Intervention Services, Security Consultations & Seminars, Private Investigations and Technical Surveillance Counter-Measures with LaSorsa & Associates – an International Protection, Investigations & Security Consulting Firm. Web: www.linkedin.com/in/josephmlasorsa

Security Industry Association Announces New SIA Women in Security Scholarship Opportunity

“The SIA Women in Security Forum works to grow and retain leaders in the security industry,” said Gloria Salmeron, director of human resources at Brivo and co-chair of the scholarship committee. “With the addition of this new scholarship, we look forward to helping bring opportunities for further education and advancement to as wide a spectrum of people as possible and inviting individuals to participate in the Women in Security Forum.”

Tried and Tested: Can Open Source Boost CCTV into the 21st Century?

With funding from the UK’s innovation agency, Innovate UK, Zircon Software Ltd is working to find out whether security surveillance systems and associated analytics can work in a station environment without disrupting the rail network. To achieve this, Zircon are planning to utilise advanced video analytics, taking functional open source Machine Learning libraries wrapped in […]

French medics need bodyguards for 300 metre commute after spike in violent attacks

The capital’s iconic station is just 300 meters from the hospital, yet employees do not feel safe enough to make the journey on foot alone between the hours of 6pm and 10pm.

Industry News At A Glance March 2020

We cast our eye over the main stories impacting the security industry. Here’s what’s appeared on the radar since the last issue.

The Fallacy of the Individual Bodyguard

It was the height of British military and government involvement in the ill-fated NATO-led effort to crush the Taliban, and Kabul was inundated with people needing close protection services. From diplomats attempting to build infrastructure and civil institutions to corporate honchos sniffing out potential business opportunities, there was no shortage of clients for security firms to pitch. As my conversation with the in-country manager progressed, I broached the subject of IBGs – individual bodyguards. I told him in no uncertain terms that the idea of having an individual effectively carry out the functions of a close protection team was utter and absolute flannel. His response: “Maybe, Bob. But it brings in the dollars!”

Defining Professionalism in the Personal Protection Industry

Not because there is less work out there, in fact, the opposite is probably true. With global threat levels at an all-time high, there is more work in the security industry now than there ever has been and the security industry is booming, but it’s harder to find work because there are now thousands more so-called ‘qualified’ CPOs chasing after every position. It is a fact that most licensed operators have never actually done a day’s close protection work in their lives. At the time of writing this article, there are over 14,000 valid, UK, CP licences. Yes, over fourteen thousand people in the UK currently have a license to operate as a Close Protection Officer.

Counter-Ambush Tactics for Security Professionals – Part 1

By far the best method to accomplish this goal is to adopt a predictive, preventative strategy for protecting clients based on the tenets of Detect, Deter, and Defend. To effectively employ these tenets, we need some very specific soft and hard skills. In the protective operations world, the “soft” skills are sometimes referred to as Protective Intelligence (PI) while in other security disciplines they are referred to as situational and tactical awareness skills. If we are unable to prevent or avoid an attack, we need to have some expertise in specific “hard” skills such as use of firearms and security driving so that we can survive an ambush.