Interviews

Don’t expose more than you intend

by Mark Rowe

Relaxing shouldn’t mean relaxed cyber-security, writes Fred Touchette, of AppRiver.

Every year organisations witness a mass exodus of staff, with weary workers desperate for a break from the daily grind. However, being away from the desk doesn’t necessarily mean executives are incommunicado. Practically every pocket carries with it a device for keeping in touch while out and about. On the surface smartphones and tablets might make for a stress-less break, without the worry of not knowing what’s happening back in the corporate world, it isn’t without its risks.

AppRiver’s recent survey, conducted amongst 1,000 employed adults by OnePoll, found that 53% of respondents would feel anxious if they did not have their phone with them, and 41% confirmed they’d be taking their phone with them when on holiday. Given the technology age we live in that might seem fairly normal, but there is the risk that phones left unsupervised beside a sun lounger or hidden under a towel on the beach are vulnerable to theft. With just half protected by a password or other security control, many could be exposing business information or confidential personal details.

Here are a few simple things to keep in mind this holiday season.

Mobile Mobiles
When first available, every phone essentially had its own operating system. This meant it was usually a less than fruitful endeavour for malware authors to bother targeting any one of them. However, that has all changed. With two major mobile operating systems leading the way in the smartphone market – iOS and Android, mobile devices have become a much more profitable, and therefore appealing, target.

A simple rule of thumb everyone should heed is safe browsing habits regardless of network or device. As we’ve learnt with PCs and the web, the same dangers (i.e. black hat SEO poisoning, social media, email and SMS) can also exploit a mobile device. If you wouldn’t do it on a PC, don’t do it on a mobile.

Think Smart
SMS and voicemail are common vectors of attack for phishing scams today. If you receive a message that you’re not expecting, especially if it’s too good to be true, chances are it is. If the message claims to be from the bank, rather than respond in the manner the SMS or message asks, instead directly contact the organisation or individual and verify that the request is genuine. Better still, simply delete suspicious messages as often responding can end up in text charges or possibly even more.

When sending an email, think of it as sending a postcard – everyone and anyone can read it. If the text shouldn’t be exposed to unauthorised eyes then standard email is not the best method. Instead, either use an encryption solution or use another communication channel.

InSecure WiFi
Often, it is all too tempting for holiday makers to pull out an electronic device and check a few things from the hotel’s poolside free Wi-Fi service or internet cafe. Unfortunately, convenience doesn’t always equate to security. That’s why it is very important to use a secure connection when accessing sensitive information, especially if it is on the corporate network.

Establishing a VPN connection before utilising free Wi-Fi creates a secure SSL tunnel. This helps secure the session and keep corporate network resources safe.

But remember that, even when using a secure connection, make sure to always and completely log out of sensitive sites. While it might seem all a bit secret agent, an attacker can hijack the session if it has been left open. Of course, some sites will perform an automatic log-out after a period of inactivity, or when the browser closes, but even those few moments present a window of opportunity for attackers to get in.

To put Wi-Fi in perspective, and explain why it is so dangerous, every session utilises radio waves to communicate and is accessible to anyone. That’s why closing down other, non-related, Web browser tabs is not a bad idea – every little helps after all.

If set up properly, private Wi-Fi connections can be a viable remedy to surfing Wi-Fi spots. And at the very least, WPA2 encryption should be used. Additional security measures that can be put into place include MAC address filtering (though this can be a bit advanced and can lead to device lockout if not done correctly) and users certainly can’t count on the encryption being provided when using a public network.

Lock and Key
Another rule for safe mobile device usage is security on the device itself. The functionality of phones today means many are likely to contain personal information (such as stored logins to banking or social media sites) and could provide someone access to sensitive information were the device to be lost or stolen. As our survey found, only half of the people questioned had any type of security on their phone, meaning many are at risk of losing more than their device if it goes missing – whether at home or abroad. To minimise this threat, something as simple as activating a password means this sensitive information is afforded at least some protection.

However, while a password will thwart the opportunistic thief, someone who is targeting the device because of what it might contain a stronger defence is needed. For those who carry confidential business material (12% in our survey), or who are serious about their privacy, additional security needs to be deployed. Encryption software on the device will help protect data in the event that the device becomes lost or stolen. Using a remote wipe to brick the device completely is one way to ensure sensitive information doesn’t fall into the wrong hands.

App Security
Finally, while launching a favourite app or trying out some new games may keep us, and even the kids, entertained, it isn’t without some risks. Always make sure these applications come from a reputable source, and be aware of the permissions requested during the install. It’s best practice to read the reviews, and research what others say about any program, before ‘downloading and launching.

Regardless of where you’re going on holiday this year, or even if you’re staying at home, make sure you don’t expose more than you intend.

Related News

  • Interviews

    PCCs: one year on

    by Mark Rowe

    This week marks one year since the election of 41 Police and Crime Commissioners (PCCs) in England and Wales on November 15,…

  • Interviews

    Summer warning

    by msecadm4921

    Not taking in consideration the changing requirements of security systems in the longer hours of daylight can put properties at risk, the…

Newsletter

Subscribe to our weekly newsletter to stay on top of security news and events.

© 2024 Professional Security Magazine. All rights reserved.

Website by MSEC Marketing