Mobile Security

The majority of attacks on mobile devices focused on human exploitation, as found in the Proofpoint Human Factor Report.

Basically, various messages, mainly emails, were sent with malicious attachments or links that relied on human actions or responses to initiate the breach, rather than technically infiltrating a system directly. This being the case, increasing your knowledge and awareness is going to be the best preventative action you can take to safeguarding your information.

Mobile device attacks are an increasing problem as hackers begin to target mobile devices over desktop computers. For most working people, your entire life is on your phone. Not only limited to financial data, but your professional information and your day to day life events. Because of this, attackers choose to attack mobile devices more than any other. “We see all major mobile OSs being impacted, from Android, Apple iOS, Windows phone via BlackBerry to Symbian, with the ultimate aim being persistent remote control of the end user’s device.” – Simon Mullis, global technical lead at FireEye

Below are some of the best practices for ensuring the security of your data on your mobile device.

Physical Security & User Authentication

The first line of defense of a technical device is the physical security of the hardware. Device loss and theft constitutes most common “breach” of mobile devices. For example, a trusted employee leaving a phone exposed on a bus and it gets grabbed in an instant. User authentication protocols and password protection help limit the risks and dangers of a lost device. Enabling data wiping for repeated false attempts to access and even a remote wiping capability is recommended, and naturally so is regular backing up of your data to reduce loss. In short, don’t get lazy or complacent; ensure you use strong passwords and other user authentications to protect your device from simple intrusion.

Do not Jailbreak/Root Your Device

While jailbreaking your device can enable you to use almost anything you want, including unverified apps, many of said apps have security vulnerabilities. In fact, the number one indicator of your phone being compromised is the status of the OS and if it has been jailbroken. Additionally, the overwhelming majority of technical attacks on Apple’s iOS only affect jailbroken devices. In other words, avoid the urge to customize your device beyond what the designers intended; don’t overwind your toys.

Use a Mobile Security Application to Reveal the Status of Your Device

A properly researched and reputable mobile security app, such as NowSecure Protect, should extend the built-in security features of the device’s operating system and mainly provide insight to the user as to the status of said OS. Legitimate security software providers such as Norton, Qihoo, Symantec and NowSecure offer mobile security apps for most devices.

Update Your OS Regularly to Get the Latest Security Patches

Although it may get tedious, update your OS and Apps whenever available to ensure any gaps in security are plugged by the newest updates. Along with software updates and added features, security updates are a primary reason for such updates, take advantage of these to resolve emerging threats and limit exposures.

Avoid Unknown Networks and Reduce Connectivity

A very effective and simple way to minimize potential access by hackers is by limiting the amount of time you have with open connectivity, such as what is offered when you have your Wi-Fi or Bluetooth enabled. While this is a very technical and difficult approach, the ease in reducing this risk is worth it.

The other danger is rogue Wi-Fi networks which may be hackers intending to lure people in by logging on at public locations. The SSID (the name of the network) is easily cloned to read “Airport WiFi” or something else seemingly harmless, but don’t be fooled and only connect to known networks. Also, consider using encryption if any sensitive data is stored on the phone as well as for data in transit with more secure technologies, such as a Virtual Private Network (VPN). (Setting up a VPN for iPhone – Setting up a VPN for Android)

Be Careful Not to Fall for Phishing Schemes

Avoid potential phishing scams, virus schemes and malware threats by not clicking on unknown or unrequested links. Do not open e-mail attachments from ANY source that you have not identified or asked for attachments from. Additionally, verify the source of the attachment and do not trust the name as masquerading as an associate or legitimate company is easy and common.

Carefully Select Which Apps you Download

Mobile device users willingly downloaded over 2 billion mobile apps in 2015 that stole their personal information and corrupted their device. Malicious apps can be disguised as social media apps or mobile entertainment apps to trick users into choosing this version and infecting their own systems willfully. Ensure the app you choose to download is the legitimate version, from a legitimate provider.

In a recent study by NowSecure, 24.7 percent of mobile apps include at least one high-risk security flaw, the average device connects to 160 unique IP addresses every day, 35 percent of communications sent by mobile devices are unencrypted, business apps are three times more likely to leak login credentials than the average app, and games are one-and-a-half times more likely to include a high risk vulnerability than the average app.

Use Strong Passwords and use a Password Protector

Passwords and pin codes are not the best way to secure data by any means, but that is no reason to make it easy for attackers by using pin codes like ‘1234’ or passwords like ‘password.’ Simple things you can do go a long way, like using a password creator and storage stool. Passwords should also be changed regularly. A very simple password technique for both creating a strong password and ensuring this change is this: identify a date 30-90 days in advance, creating a password from the dates combination, such as May31@)!^ (the month of May with a capital letter, the day in numbers and the year in special characters) with this method, you have a strong password that encourages you to update it when that date comes around, and alternate how you order and type in the month, day and year.

Mobile Security
By: Joseph M LaSorsa

Joseph M LaSorsa is currently employed as a senior partner managing and conducting: Protective Operations Training Courses, Executive Protection & Bodyguard Services, Risk Management Consultations & Seminars, Workplace Violence Prevention Seminars & Intervention Services, Security Consultations & Seminars, Private Investigations and Technical Surveillance Counter-Measures with LaSorsa & Associates – an International Protection, Investigations & Security Consulting Firm. Web: www.linkedin.com/in/josephmlasorsa

Industry News

We cast our eye over the main stories impacting the security industry, including, Kanye West’s former bodyguard is calling the rapper a “bully” and is threatening to sue for damages after West accused him of breaking a confidentiality agreement.

Industry News

We cast our eye over the main stories impacting the security industry. Here’s what’s appeared on the radar since the last issue.

Security Industry Association Announces New SIA Women in Security Scholarship Opportunity

“The SIA Women in Security Forum works to grow and retain leaders in the security industry,” said Gloria Salmeron, director of human resources at Brivo and co-chair of the scholarship committee. “With the addition of this new scholarship, we look forward to helping bring opportunities for further education and advancement to as wide a spectrum of people as possible and inviting individuals to participate in the Women in Security Forum.”

Insecure Smart Houses

They are only of limited relevance today, but as the technologies involved become more widespread and implemented into every facet of life they will only become more prevalent. While it sounds like the stuff of science fiction, these threats exist now and are not going to go away.

For simplicity, we’ll say that a ‘smart’ device is anything which connects to the internet (or a network) and is not intended to be a computer interface. Intended is the key word there, as many of these devices are insecure for the simple reason that they are a computer. The problem is that it is now cheaper and easier to put a general purpose computer into a device and run some software to, for example, turn lights on and off than it is to design a single-purpose lightbulb which also connects to a network.

Turning Habitual Habits into a Positive

Being an instructor for Tony Scotti’s Vehicle Dynamics Institute has forwarded the opportunity to observe how a large section of professionals interact and function from different niches of the industry. Military, transnational EP teams, US based teams, Federal LEO’s or with civilians this theme shows through. Even in the larger training arena the change can be seen as more of the schools are starting to focus on classes or blocks of instruction such as client management and behavioral analysis. The discussion forms are flooded with conversations relating to how to work in a team dynamic. It doesn’t matter if its a 28 day school or a three day school, they will be touching on and teaching these topics.

What is Executive Protection?

In the past, I viewed Executive Protection (EP) as persons who provided corporate level protection. This was the guy who only walked with the CEO, politician, or other important corporate executives and dignitaries. With my limited understanding, I didn’t think of those who drive these same individuals as being considered Executive Protection agents as well. As an EP specialist, I now understand and have experienced some of the vast role’s EP work will encompass.