This is the second portion of a three-part series on Cybersecurity advice. In Part 1, I covered general awareness and protection of personal devices. In this post, I will focus on online interactions and provide advice to help ensure you are safe, secure and private in the online world.
When I started my career over 20 years ago, I was issued a corporate laptop with a phone-line dial-up modem and a beeper. For years, the computer was the only device I connected to the corporate network. The computer was provisioned to me complete with corporate standard software and all of the necessary security controls built in. The software was kept up to date by my IT department and the only things I had to do were keep the device physically safe from thieves and avoid losing it. Fast forward to today and things look much different. With the emergence of BYOD (Bring Your Own Device), more personal machines are connecting to the private networks of organizations without the oversight of IT. The presence of these devices increases the risk of exploitation from the outside. Chief Information Security Officers (CISOs), who are responsible for securing enterprise networks, face challenges with this new paradigm. The days of relying on the IT department to handle everyone’s cybersecurity needs are gone. It has become imperative for all of us to take a more active role in maintaining the right cybersecurity measures for ourselves. By paying attention and doing work to set things up properly, you can keep yourself and your livelihood safe. After all, like a chain with several links, your corporate security is only as strong as its weakest link. Do you want to be the weak link?
The first time I heard about “Fake Cell Towers”, I thought to myself, Hold up. There is such a thing as a “fake” cell tower?!? Why would someone want or use a fake cell tower?
Personally Identifiable Information, commonly referred to as PII, can be broadly defined as any data that could potentially identify a specific individual. Additionally, it may include any information that can de-anonymize a person from other persons or a set of anonymous data.
How many of us have shared secrets, disciplined our children, sought counsel on how to address a work or family issue, discussed sensitive financial challenges or had a private moment with our children or loved ones in the presence of our smartphones? Most of us? All of us? These are common occurrences in our daily lives which typically happen behind closed doors due to the sensitive nature of the information being discussed or the actions occurring. People say, “you never know what goes on behind closed doors”, until now.
You either know somebody or it has happened to you – you have a conversation around your smartphone, check your social media or news feed, and boom, the topics of your conversation are being advertised on your smartphone. Most people’s reaction is usually some combination of “WTF?!?” and “Is my phone really listening in on me?” This isn’t new news, but mobile espionage (the modern catch phrase for smartphones listening, watching and tracking your every movement without you knowing) is certainly getting discussed a lot more, and on many levels.
You can now add Sen. Ron Wyden (D-Ore) to the growing list of government officials and entities urging national security advisors to provide a higher level of security for government smartphones.
Recent news reports, covering two separate incidents, confirm a conclusion we continue to draw attention to when talking with security professionals, our customers and anyone concerned about their mobile security posture: Smartphones are inherently vulnerable, and little – to date – can be done to protect, detect, and remediate the compromises. Without full view into the ecosystem of the phone, software solutions alone will never be enough to safeguard the important information of users and protect their privacy.
The topic of smartphone hacking isn’t likely to make it into Monday morning watercooler conversation. That is, of course, unless you are a security professional and the very survival of your organization may hang on understanding it and protecting against it.