Mobile Security

The majority of attacks on mobile devices focused on human exploitation, as found in the Proofpoint Human Factor Report.

Basically, various messages, mainly emails, were sent with malicious attachments or links that relied on human actions or responses to initiate the breach, rather than technically infiltrating a system directly. This being the case, increasing your knowledge and awareness is going to be the best preventative action you can take to safeguarding your information.

Mobile device attacks are an increasing problem as hackers begin to target mobile devices over desktop computers. For most working people, your entire life is on your phone. Not only limited to financial data, but your professional information and your day to day life events. Because of this, attackers choose to attack mobile devices more than any other. “We see all major mobile OSs being impacted, from Android, Apple iOS, Windows phone via BlackBerry to Symbian, with the ultimate aim being persistent remote control of the end user’s device.” – Simon Mullis, global technical lead at FireEye

Below are some of the best practices for ensuring the security of your data on your mobile device.

Physical Security & User Authentication

The first line of defense of a technical device is the physical security of the hardware. Device loss and theft constitutes most common “breach” of mobile devices. For example, a trusted employee leaving a phone exposed on a bus and it gets grabbed in an instant. User authentication protocols and password protection help limit the risks and dangers of a lost device. Enabling data wiping for repeated false attempts to access and even a remote wiping capability is recommended, and naturally so is regular backing up of your data to reduce loss. In short, don’t get lazy or complacent; ensure you use strong passwords and other user authentications to protect your device from simple intrusion.

Do not Jailbreak/Root Your Device

While jailbreaking your device can enable you to use almost anything you want, including unverified apps, many of said apps have security vulnerabilities. In fact, the number one indicator of your phone being compromised is the status of the OS and if it has been jailbroken. Additionally, the overwhelming majority of technical attacks on Apple’s iOS only affect jailbroken devices. In other words, avoid the urge to customize your device beyond what the designers intended; don’t overwind your toys.

Use a Mobile Security Application to Reveal the Status of Your Device

A properly researched and reputable mobile security app, such as NowSecure Protect, should extend the built-in security features of the device’s operating system and mainly provide insight to the user as to the status of said OS. Legitimate security software providers such as Norton, Qihoo, Symantec and NowSecure offer mobile security apps for most devices.

Update Your OS Regularly to Get the Latest Security Patches

Although it may get tedious, update your OS and Apps whenever available to ensure any gaps in security are plugged by the newest updates. Along with software updates and added features, security updates are a primary reason for such updates, take advantage of these to resolve emerging threats and limit exposures.

Avoid Unknown Networks and Reduce Connectivity

A very effective and simple way to minimize potential access by hackers is by limiting the amount of time you have with open connectivity, such as what is offered when you have your Wi-Fi or Bluetooth enabled. While this is a very technical and difficult approach, the ease in reducing this risk is worth it.

The other danger is rogue Wi-Fi networks which may be hackers intending to lure people in by logging on at public locations. The SSID (the name of the network) is easily cloned to read “Airport WiFi” or something else seemingly harmless, but don’t be fooled and only connect to known networks. Also, consider using encryption if any sensitive data is stored on the phone as well as for data in transit with more secure technologies, such as a Virtual Private Network (VPN). (Setting up a VPN for iPhone – Setting up a VPN for Android)

Be Careful Not to Fall for Phishing Schemes

Avoid potential phishing scams, virus schemes and malware threats by not clicking on unknown or unrequested links. Do not open e-mail attachments from ANY source that you have not identified or asked for attachments from. Additionally, verify the source of the attachment and do not trust the name as masquerading as an associate or legitimate company is easy and common.

Carefully Select Which Apps you Download

Mobile device users willingly downloaded over 2 billion mobile apps in 2015 that stole their personal information and corrupted their device. Malicious apps can be disguised as social media apps or mobile entertainment apps to trick users into choosing this version and infecting their own systems willfully. Ensure the app you choose to download is the legitimate version, from a legitimate provider.

In a recent study by NowSecure, 24.7 percent of mobile apps include at least one high-risk security flaw, the average device connects to 160 unique IP addresses every day, 35 percent of communications sent by mobile devices are unencrypted, business apps are three times more likely to leak login credentials than the average app, and games are one-and-a-half times more likely to include a high risk vulnerability than the average app.

Use Strong Passwords and use a Password Protector

Passwords and pin codes are not the best way to secure data by any means, but that is no reason to make it easy for attackers by using pin codes like ‘1234’ or passwords like ‘password.’ Simple things you can do go a long way, like using a password creator and storage stool. Passwords should also be changed regularly. A very simple password technique for both creating a strong password and ensuring this change is this: identify a date 30-90 days in advance, creating a password from the dates combination, such as May31@)!^ (the month of May with a capital letter, the day in numbers and the year in special characters) with this method, you have a strong password that encourages you to update it when that date comes around, and alternate how you order and type in the month, day and year.

Mobile Security
By: Joseph M LaSorsa

Joseph M LaSorsa is currently employed as a senior partner managing and conducting: Protective Operations Training Courses, Executive Protection & Bodyguard Services, Risk Management Consultations & Seminars, Workplace Violence Prevention Seminars & Intervention Services, Security Consultations & Seminars, Private Investigations and Technical Surveillance Counter-Measures with LaSorsa & Associates – an International Protection, Investigations & Security Consulting Firm. Web: www.linkedin.com/in/josephmlasorsa

Prince Andrew could lose bodyguards amid new Epstein details

A withdrawal of public money for bodyguards would mean Prince Andrew would either have none or would have to pay for them himself.

Ex-G4S Security Contractor and Double Murderer, Fitzsimons, Secretly Extradited from Iraq

He admitted shooting the men but claimed it was self-defence, saying they had been out drinking and the other two tried to kill him during an altercation. He later claimed he was suffering from Post-Traumatic Stress Disorder

Matty Blythe – From Super League Rugby to Bodyguard Training Director, via Iraq.

There are loads of fundamentals and characteristics that close protection shares with rugby league. There’s a lot of planning and preparation with video sessions, and you need to think about X, Y and Z before you think about A, B, and C in both. You’re always planning for the worst-case scenario, and you need to know the strengths and weaknesses of the opposition.

The Man in the Middle – Intro to Cybersecurity Part 3

Welcome to a third article in the series looking at introductions to cyber security. We’ll be looking at a type of attack which most people will be familiar with in principle, if not in technical practice.

The basic idea is simple – an attacker sits between two trusting parties, intercepting their communication and impersonating each to the other. Obviously this is somewhat harder in practice where people are, for example, sitting in a room together, but even a phone call gives potential for an eavesdropper or impersonator.

Tragedy on Your Team and What Happens Afterwards?

I tend to believe that people in this business believe that the test of leadership comes during the attack on principle (AOP). While there is no denying that leadership is necessary in those key moments of an attack or any other catastrophic event. But as I stated at the Summit, the hardest part of this job is, ‘the after.’

Women In The Close Protection Industry

First, I prefer placing female CPO’s with female clients or their children for the client’s comfort or peace of mind. Some males are easily suited to this task but the client may simply think that a male does not belong in constant close proximity and occasionally in isolated private settings with the kids or a client’s wife. This can be equally true with female CPO’s and male clients but the concern of inappropriate behavior with the children dissolves when a female is placed with them. Remember, it’s always up to the client.