Cyber attack and smart phone!

18.09.2021

We constantly hear that Norway is at the top of countries that have adopted Smart Phones. Statistics Norway shows that 98% under the age of 65 have used a smart phone. Over 72% have access to tablets. But only less than half have security programs installed. With such numbers, it is understandable that smart phones are vulnerable to attack. I see that many do not see it as very important. This means that almost all of us can fall victim to cyber-attacks.

Report from "Check Point" (a reputable security company):

40 percent of mobile devices are exposed to cyber-attacks, Check Point's new report shows. They recently published their mobile security report for 2021. It goes without saying that the report was packed with relevant findings for cyber-attacks carried out in 2020.

What is worrying is that it is no longer necessary to confirm that someone will have full access to your mobile phone or tablet. (0 click key attack). Attacks do not only come from SMS, MMS or with a link you "should not press". It can just as easily come from email, photo, website, your web sharing, Bluetooth, or social media.

When we know that most people use their smart phones online, and 8 out of 10 are on social media, it is one of the biggest channels to be attacked. It is to say it very simple. Cyber​​security will be one of the most important things for us in the future.

Some advice to take with you.

When we look at how dependent we have become on our smart phones, tablets, and PCs, both privately and at work, it is good to look a little at what was considered security before the recent attacks.

I see that google is also engaged in security with "BeyondCorp" which is Google's implementation of a zero-trust model. By moving access controls from the outer edges of the network and over to individual users - they enable secure work from virtually anywhere without the need for a traditional VPN solution.

Previously, these were some simple points that we ourselves followed:

Security needs related to the use of mobile devices such as smartphones, smartwatches, tablets, and laptops. Previously, you could achieve good mobile security with a few simple measures you can perform yourself. Today, it is recommended to use someone with expertise in the area.

  • Remember to activate the Touch / Face ID to open the device. Both Touch ID and Face ID will be required again after each closing of the device and after a short downtime. When using a pin code, use a 6-digit number code that is not too easy to find. Always remember to shield your phone from access by cameras and others who may gain access.
  • You should install updates to your device and apps as soon as possible after they are publicly available - both to close known security holes and to gain access to new and improved security functionality. Even if this is on an automatic download, check for updates as it does not always go automatically. Turn off lock screen notifications on apps that have sensitive information or use a flap case that covers the screen. You can reduce the risk by using "Privacy" protective film, it limits the ability to read the screen from oblique angles.
  • Prevent eavesdropping, preferably use 4G, then you reduce the risk of someone "tricking" your
  • mobile device into a network without encryption. EDGE (2G) is more vulnerable than 3G, which is more vulnerable than 4G. Mobile security is up to the operator of the mobile network. It is therefore recommended that one (especially abroad) should use messaging services that add encryption.
  • Feel free to set your mobile device to automatic backup. In some cases, the best option would be to use a storage service that the IT department has either entered into an agreement with or even operates and has control over (private cloud).
  • Delete data from the device if you lose it. If you lose your phone, tablet, or PC, it is not just the value of the hardware you lose. You run the risk of your data, documents, photos, and sensitive e-mail falling into the wrong hands. Therefore, if you lose it, you should be able to remotely delete the contents of your mobile device. Use the provider's service to delete the device. The mobile device can also be set to delete the contents after x number of unsuccessful attempts to enter the PIN code.
  • Older wireless networks (Wi-Fi) can use technology that is vulnerable and can be exploited by unauthorized persons. Therefore, avoid using Wi-Fi for something that is sensitive, but if you still must, it is important to encrypt the information you send and receive when, for example, using a VPN solution. Note that some mobile devices may automatically connect to an insecure wireless network and / or a wireless network pretending to be a network you have previously used. This can happen without you noticing, so always turn OFF automatic connection to Wi-Fi (this is done in settings).
  • Use VPN for all network traffic. Use a VPN solution from a reputable provider, preferably a centrally procured VPN solution that is managed by your IT department.
  • Use caution when using Bluetooth and switch off when not in use. Bluetooth can easily connect your phone, tablet or PC to other wireless devices such as headphones, hands-free devices or smartwatches. A Bluetooth connection can transfer data / information between your mobile device and other wireless devices. To prevent possible information leakage, turn off Bluetooth when not in use. Be restrained and careful to connect your device to devices you do not trust.
  • Sharing data directly between mobile devices can often be better than other sharing services that go through the internet and perhaps via a cloud solution. This is because the possibility for others to eavesdrop on communication is reduced. When using sharing services, be aware that they must be deactivated (OFF) immediately after the transfer. This also applies to the use of Bluetooth.
  • Give apps minimal access to microphone, camera, and location data. A phone, tablet, or PC can register where you are. It can reveal where you work, where you live and which locations you visit, even if you do not use the navigation app.
  • Only install necessary apps and prefer known and trusted sources. Malware, spyware, and other malicious applications often come through unofficial distribution channels. Never install apps that come from an unknown service or apps that require security settings to change to install them. Only install applications from official libraries from the vendor.
  • Remember that both your private, personal data and information from your job can be sensitive and valuable. For example, if you lose your phone, you may lose private pictures and other data stored on your phone. Mixing private and work-related accounts and features therefore increases your mobile vulnerability.

Read more useful articles at: https://www.visualityglobal.com/article/ 

Author Trond Paulsen

Share