When I started my career over 20 years ago, I was issued a corporate laptop with a phone-line dial-up modem and a beeper. For years, the computer was the only device I connected to the corporate network. The computer was provisioned to me complete with corporate standard software and all of the necessary security controls built in. The software was kept up to date by my IT department and the only things I had to do were keep the device physically safe from thieves and avoid losing it. Fast forward to today and things look much different. With the emergence of BYOD (Bring Your Own Device), more personal machines are connecting to the private networks of organizations without the oversight of IT. The presence of these devices increase the risk of exploitation from the outside. Chief Information Security Officers (CISOs), who are responsible for securing enterprise networks, face challenges with this new paradigm. The days of relying on the IT department to handle everyone’s cybersecurity needs are gone. It has become imperative for all of us to take a more active role in maintaining the right cybersecurity measures for ourselves. By paying attention and doing work to set things up properly, you can keep yourself and your livelihood safe. After all, like a chain with several links, your corporate security is only as strong as its weakest link. Do you want to be the weak link?
Personally Identifiable Information, commonly referred to as PII, can be broadly defined as any data that could potentially identify a specific individual. Additionally, it may include any information that can de-anonymize a person from other persons or a set of anonymous data.
How many of us have shared secrets, disciplined our children, sought council on how to address a work or family issue, discussed sensitive financial challenges or had a private moment with our children or loved ones in the presence of our smartphones? Most of us? All of us? These are common occurrences in our daily lives which typically happen behind closed doors due to the sensitive nature of the information being discussed or the actions occurring. People say, “you never know what goes on behind closed doors”, until now.
A Personal Perspective on Security Resolutions for 2018
It was our original intent to put together a brief recap of the year in cyberattacks, breaches and exploits. But “brief” hardly seemed possible when we started digging in. Mexican journalist attacks, BlueBorn, KRACK, Broadcom WiFi chip bugs, WannaCry, Loapi, the Equifax hack and all the other DDoS, MITM, malware, ransomware, spearphishing and spoofing attacks made the list, but these are just starters.
Preparing for a business trip – international or domestic – used to be a fairly routine ritual. Not anymore. Carrying those electronic essentials poses new threats to personal and enterprise security that savvy travelers must be aware of.
We hear this when we discuss the breaches to smartphones with people who are often not government intelligence or security professionals – users who are all too aware of these mobile security concerns. Breaches that are executed by competitors, governments and malicious actors of all types like those mobile surveillance attempts on a human rights activist being or a Mexican journalist. When we elaborate on how everyday apps over-reach their intended purpose to pry into the personal lives of users with mobile tracking to listen in on conversations or to track user location data; people say they have nothing to hide. To help shed some light on smartphone vulnerabilities, your smartphone privacy and what’s really at risk when your phone has been compromised, we set out to hack a smartphone and reveal the information that may be accessed through its sensors.