Are you defending the devices that power your life and your business?
Everyone is uber connected to the internet today whether it be for personal reasons or business, everywhere you look someone will be using some sort of mobile device to shop, stay connected to friends and family, colleagues, associates, etc. You depend on your mobile devices to practically run your life.
The devices are cross platforms. Meaning that you can be using an iPad, an Android, a laptop, and computer and all can run different OS’s as well as different program versions and still be compatible with each other. With assistance from the cloud and onboard technologies these devices have learned to work seamlessly together making our lives easier, but this can come at a huge cost if we are not careful.
What is considered a mobile device?
- USB Drives
Remember your mobile devices are in fact computers (even your phones). They contain tons of sensitive and confidential information that you do not want to get into the wrong hands.
According to this Ponemon study of 116 organizations, 62% of mobile data devices that were lost or stolen contained sensitive or confidential info. Tweet This! These devices are a requirement in today’s society to make business work. So we need to take precautions to make our risks minimal.
What are some of the dangers?
This is a software programmed by attackers to corrupt your devices in some way. They are used to gather confidential information, gain access to private computer systems (which now includes your mobile devices). Malware includes computer viruses, worms, Trojan horses, ransomware, rootkits, dialers, spyware, adware, keyloggers , malicious BHO’s, rogue security software and other malicious programs.
How does Malware get onto your devices?
- The Wi-Fi Spy
Wi-Fi Snoops quietly visit your devices while you are working at your favorite coffee shop. You won’t even know they’re there. They are sneaky and dangerous. While you’re having your coffee and working on your devices they have gained entry via the public network.
- The Pretender
The Trojan Horse pretends to be something he’s not. You think you’re clicking on a legitimate program / app to update it and bam. He’s got you! He’ll go to work immediately with his malicious code and destroy whatever he’s been created to destroy. This can be any number of your file systems.
- The Replicator
The Worm is a smart little bugger that can replicate itself and spread to other computers. It often relies on security failures on the target computers, can be utilized to delete files or allow the worm’s creator to install a backdoor and gain control of your system.
- The Man in the Middle
The man in the middle intercepts messages between two systems. If you can, visualize:
During the man in the middle exchange what harm comes depends on the intent of the man in the middle. They may just be intercepting, but could potentially retrieve valuable and confidential information putting your life and business at risk. Or they could change the messages sent back and forth before they are received by the other end such as in a purchase being made … the next thing you know you’re card has been maxed out. If you’ve ever received a warning on a website that the site Server certificate is not valid it is possible you are potentially about to become a victim of the man in the middle. Immediately leave the page, and contact the web master or other person(s) to notify them and go about your transaction in a different way.
- 3rd Party Apps (unofficial) Websites
Buyer beware: because these sites have no controls put into place on what applications are made available you have no idea what you are getting. It’s safer to use a trusted app store to get your apps from (Apple/Google).
Bogus website that looks authentic which was created with one purpose to steal your information (your identity). Common way of getting you to the site is by sending you an email requesting that you click on a link to update your information. Do not EVER do this. Remember, the company already has your info. If you feel it needs to be updated then call them or go directly to the legitimate account login page that you were given when you became registered with them in the first place.
Same as phishing, but you get a text message with a link enticing you to click on it and give them your information, or it will install malware on your device.
- App Stores
Copies of legit apps are infected with malicious code and placed in an official app store.
Quietly collects info from your devices without you ever having a clue, and sends to the attacker.
- Evil Twinning / Rogue HotSpots
The use of their mobile device to create a “mobile hotspot” and they name it something like “Starbucks” / “Panera”. Something that the unsuspecting victim will not be aware is a fake hotspot. When you’re surfing over their system they can see all the data. Avoid unlocked “hotspots” and check in first with the site where you are connecting to and find out which is the legitimate sign in for their Wi-Fi.
What can we do to protect our devices and our confidential information when utilizing these devices?
- Keep track of your devices:
- Don’t EVER leave your devices unattended while at Panera, Starbucks, etc.
- Change your default settings on your devices:
- Turn on your pass code (or)
- You can create a more complex passcode if your device has highly confidential or sensitive information (make sure to use a combination of characters – letters, number, symbols, and make it difficult to guess)
- Turn on two minute auto lock
- 10 Attempt Wipe – if someone attempts to put in a passcode10 x’s it will wipe your device
- Enable remote tracking and wiping (depending on your device you may need to get an app)
- Install Mobile Security Software (McAfee, Norton, Avast)
- Always get your apps from trusted sources such as Apple or Google.
- NEVER use a third party app unless you have vetted the app in some way.
- You don’t always need the latest app. Wait till it’s vetted and has been around for a while.
- Change your privacy settings in each app. By default each app has automatic access to some of your information (i.e. contacts such as in a Facebook app).
- Do NOT store passwords in a note feature. Use an encrypted password keeper instead.
- Tethering – instead of using the Wi-Fi hotspot consider using your cell phone as your own personal hotspot. (Remember this will use your phone’s data.)
- For “bring your own device” to work environments where the employee uses the same device for work and play get an IT security professional involved to set up a VPN and other settings that will ensure the security of the work files.
- Criminals go after the path of least resistance. So the more you do to protect yourself the less likely the bad guy is to attack you. Start putting these steps into action today and get your devices and confidential information protected today!
What do you do to protect your devices? Tell us in the comments below.