Mobile Security

The majority of attacks on mobile devices focused on human exploitation, as found in the Proofpoint Human Factor Report.

Basically, various messages, mainly emails, were sent with malicious attachments or links that relied on human actions or responses to initiate the breach, rather than technically infiltrating a system directly. This being the case, increasing your knowledge and awareness is going to be the best preventative action you can take to safeguarding your information.

Mobile device attacks are an increasing problem as hackers begin to target mobile devices over desktop computers. For most working people, your entire life is on your phone. Not only limited to financial data, but your professional information and your day to day life events. Because of this, attackers choose to attack mobile devices more than any other. “We see all major mobile OSs being impacted, from Android, Apple iOS, Windows phone via BlackBerry to Symbian, with the ultimate aim being persistent remote control of the end user’s device.” – Simon Mullis, global technical lead at FireEye

Below are some of the best practices for ensuring the security of your data on your mobile device.

Physical Security & User Authentication

The first line of defense of a technical device is the physical security of the hardware. Device loss and theft constitutes most common “breach” of mobile devices. For example, a trusted employee leaving a phone exposed on a bus and it gets grabbed in an instant. User authentication protocols and password protection help limit the risks and dangers of a lost device. Enabling data wiping for repeated false attempts to access and even a remote wiping capability is recommended, and naturally so is regular backing up of your data to reduce loss. In short, don’t get lazy or complacent; ensure you use strong passwords and other user authentications to protect your device from simple intrusion.

Do not Jailbreak/Root Your Device

While jailbreaking your device can enable you to use almost anything you want, including unverified apps, many of said apps have security vulnerabilities. In fact, the number one indicator of your phone being compromised is the status of the OS and if it has been jailbroken. Additionally, the overwhelming majority of technical attacks on Apple’s iOS only affect jailbroken devices. In other words, avoid the urge to customize your device beyond what the designers intended; don’t overwind your toys.

Use a Mobile Security Application to Reveal the Status of Your Device

A properly researched and reputable mobile security app, such as NowSecure Protect, should extend the built-in security features of the device’s operating system and mainly provide insight to the user as to the status of said OS. Legitimate security software providers such as Norton, Qihoo, Symantec and NowSecure offer mobile security apps for most devices.

Update Your OS Regularly to Get the Latest Security Patches

Although it may get tedious, update your OS and Apps whenever available to ensure any gaps in security are plugged by the newest updates. Along with software updates and added features, security updates are a primary reason for such updates, take advantage of these to resolve emerging threats and limit exposures.

Avoid Unknown Networks and Reduce Connectivity

A very effective and simple way to minimize potential access by hackers is by limiting the amount of time you have with open connectivity, such as what is offered when you have your Wi-Fi or Bluetooth enabled. While this is a very technical and difficult approach, the ease in reducing this risk is worth it.

The other danger is rogue Wi-Fi networks which may be hackers intending to lure people in by logging on at public locations. The SSID (the name of the network) is easily cloned to read “Airport WiFi” or something else seemingly harmless, but don’t be fooled and only connect to known networks. Also, consider using encryption if any sensitive data is stored on the phone as well as for data in transit with more secure technologies, such as a Virtual Private Network (VPN). (Setting up a VPN for iPhone – Setting up a VPN for Android)

Be Careful Not to Fall for Phishing Schemes

Avoid potential phishing scams, virus schemes and malware threats by not clicking on unknown or unrequested links. Do not open e-mail attachments from ANY source that you have not identified or asked for attachments from. Additionally, verify the source of the attachment and do not trust the name as masquerading as an associate or legitimate company is easy and common.

Carefully Select Which Apps you Download

Mobile device users willingly downloaded over 2 billion mobile apps in 2015 that stole their personal information and corrupted their device. Malicious apps can be disguised as social media apps or mobile entertainment apps to trick users into choosing this version and infecting their own systems willfully. Ensure the app you choose to download is the legitimate version, from a legitimate provider.

In a recent study by NowSecure, 24.7 percent of mobile apps include at least one high-risk security flaw, the average device connects to 160 unique IP addresses every day, 35 percent of communications sent by mobile devices are unencrypted, business apps are three times more likely to leak login credentials than the average app, and games are one-and-a-half times more likely to include a high risk vulnerability than the average app.

Use Strong Passwords and use a Password Protector

Passwords and pin codes are not the best way to secure data by any means, but that is no reason to make it easy for attackers by using pin codes like ‘1234’ or passwords like ‘password.’ Simple things you can do go a long way, like using a password creator and storage stool. Passwords should also be changed regularly. A very simple password technique for both creating a strong password and ensuring this change is this: identify a date 30-90 days in advance, creating a password from the dates combination, such as May31@)!^ (the month of May with a capital letter, the day in numbers and the year in special characters) with this method, you have a strong password that encourages you to update it when that date comes around, and alternate how you order and type in the month, day and year.

Mobile Security
By: Joseph M LaSorsa

Joseph M LaSorsa is currently employed as a senior partner managing and conducting: Protective Operations Training Courses, Executive Protection & Bodyguard Services, Risk Management Consultations & Seminars, Workplace Violence Prevention Seminars & Intervention Services, Security Consultations & Seminars, Private Investigations and Technical Surveillance Counter-Measures with LaSorsa & Associates – an International Protection, Investigations & Security Consulting Firm. Web: www.linkedin.com/in/josephmlasorsa

Church Security Part 2

People go to church for all kinds of reasons but almost no one goes to find trouble. The ones that do go for that purpose, are the reason your church has a security team or ministry.

Unfortunately, over the last twenty years “Trouble” has been finding its way into church for the simple reason that for the most part we welcome it. Church is still the place that welcomes any one in any condition to come find help. In this second article on The New Frontier, I want to continue on the theme of how to make your church a safer place.

Surviving university as a mature student

Going to (or going back to) university seems to be becoming increasingly popular and I have lost count of the number of conversations I’ve had about the pros and cons of such a venture.

One of the major concerns / barriers to people embarking on a university course seems to be an anxiety about being a mature student. Whilst perhaps understandable, I hope in this article to reassure you that your experience of university can be just as valuable and exciting as a mature student as someone going straight from school.

A Medics Experience

Over the years, with the added involvement of oil and gas companies, alongside government contracts, the role of the medic has evolved from working as a ‘team medic’ into a ‘Tier 2’ medic who carries a comprehensive medical kit & medications, and is able to function as a lone medic often in remote locations. These changes have caused multiple shifts in the industry standard and requirements to become a Tier 2 Medic. This should be a good thing but it also comes with pitfalls.

Zero Days, How Do You Stop a Threat You Can’t See Coming?

This past March, WikiLeaks dumped 8,761 CIA documents collectively known as “Vault 7.” These documents contained information about what was essentially the government agency’s armory of cyber threats.

They included malware, viruses and Trojans used for espionage purposes. More importantly, they had information about zero day vulnerabilities the CIA had been using to hack computers, tablets, smartphones and other devices for intelligence gathering purposes.

The perils of looking after other people

Close protection operative has similar motivating forces to the psychotherapist. We are all in the helping professions, making people feel safer and calmer at difficult times in their lives. It’s a satisfying job that usually makes us feel good about ourselves and our abilities to help.

Keeping Your Edge, Politics as Un-usual

I’ve always tried to make sure I ask and answer that question before I write about personal experiences in public settings. In light of that, I must admit I thought about this one a bit longer than most, but felt it was worthy to share because one of the purposes of The Circuit Magazine is to inform and educate while offering unique perspectives within the Close Protection community.

Global Risk RoundUp – April 2019

Our Global Risk partners, Drum Cussac, provide in-depth analysis of global risks, here is your summary of the last 30 days. Including: 40 dead in armed attack in Mali, 13 killed in Hostage situation in Mexico, Multiple Islamic State Militants killed in Iraq and explosion on a bus in Sweden.

Global Risk RoundUp – March 2019

Our Global Risk partners, Drum Cussac, provide in-depth analysis of global risks, here is your summary of the last 30 days. Including: Students kidnapped in Cameroon, Explosions in Mogadishu, Indian Soldiers Dead – Gun battle in Kashmir, Suicide attack in Yemen & Car bomb in Syria.

Global Risk Roundup January 2019

Our Global Risk partners, Drum Cussac, provide in-depth analysis of global risks via in-house experts, cutting edge technology and through a comprehensive global source network. Here is your summary of the incidents you need to know about from the last 30 days.