You have probably seen in the news that high-net-worth individuals, famous athletes and entertainers are becoming favourite targets of phone hacking. In some cases, when security experts can’t agree, it’s because mobile device forensics is very limited even to confirm that someone has been compromised and reconstruct what exactly happened.
For business executives, it’s high time to pay attention to mobile security. The last thing you’d want is to be personally embarrassed or professionally compromised.
Mobile phones are becoming a fruitful and surprisingly easy target for hackers. It used to be that businesses issued their executives work phones that used only business applications. But today, our phones are just as likely to hold intellectual property memos as they are to be used for listening to music.
Hackers started by looking for salacious photos and embarrassing text messages. However, now they’ve moved to mobile malware, ransomware and identity theft aimed at penetrating corporate networks and exfiltrating mission-critical data held on the phones of CEOs, board members and political leaders.
Let’s be clear: Your organization’s most sensitive and proprietary data is at risk, in large part because you are routinely accessing it through your mobile phone. And the hackers know it. We must recognize the magnitude and potential impact of this problem and take decisive steps to bolster our cyber defence.
Mobile Phone Security Threats Are Evolving
When we rely on our mobile phones for work tasks, we expand the cybersecurity threat landscape. This is critical to acknowledge because most organizations not only lack a proper understanding of mobile phone threats but also require experienced personnel to address the problem with anything more than essential mobile device management tools.
There are two significant challenges associated with mobile cybersecurity threats:
The Wolf in Sheep’s Clothing. The sheer number of applications we can use on our phones is exploding. Apple and Google are doing excellent work with securing their operating systems, but securing third-party applications remains a big challenge. We’ve added much functionality to our phones, but much of those added features have made it far easier for bad actors to access things like our work contacts and their phone numbers. As hackers work their way into our phones through fraudulent applications which suddenly develop a second life or exploiting vulnerabilities in typical applications like WhatsApp, it’s not a big leap to installing professional malware for jailbreaking, espionage, ransomware or data exfiltration.
No Place Left to Hide. I’ll spare you the technical details, but keep in mind that mobile networks rely on vulnerable roaming protocols like SS7 or Diameter, which are easy targets for cyber threats. Merely having access to your phone number allows hackers with a little investment to trace your location quite easily … or even to take over your incoming calls or text/SMS or WhatsApp messages. These attack methods have been used for a long time, not only for professional espionage but also for large-scale online banking fraud. This is also the reason why banks don’t consider SMS as a secured two-factor authentication approach anymore. All in all, it’s challenging to protect yourself against location tracking or phone or SMS takeover attacks.
But, the good news is that the state of mobile phone cybersecurity is not as bleak as it sounds from the press. Today’s mobile phones, at the device level, have robust security architectures. The ecosystems for the most popular phones—Apple iPhone and Google Android—are highly secure, with strong hardware-based security and isolation approaches. And, unlike other software exploits, exploit code to compromise a mobile device without your interaction would cost attackers millions. A hacker has to make a massive investment if he wants to compromise your mobile phone to exfiltrate your data.
Still, are you going to take a chance on exposing your enterprise’s most critical data due to lax cybersecurity frameworks and practices? Of course not.
What You Can Do Now
There are three steady steps all business leaders can and should do now to harden their phones’ defences:
Security hygiene. We’re all busy at work and ensuring that our mobile phones and apps have the latest patches may not be our top priority. But, if you’re a heavy user of your phone for business, you have to make sure it has the most up-to-date security. Also, antivirus for mobile phones is a myth. Compared to our computers, an antivirus app on a mobile phone will often not be able to protect against malicious apps. The reason is that the hardware-based architecture of the mobile phone forces every app to be isolated from each other. However, one security control which is often overlooked on mobile devices is network security. Instead of routing all your insecurely to the Internet, you can use a secure VPN or Secure Access Service Edge (SASE) solution. Such a solution can block traffic to malicious websites or data exfiltration attempts.
Application hygiene. Any application on your phone can expose data and be used as a bridge to compromise your device. Whitelisting and blacklisting applications are now becoming standard practice for IT and security administrators, and you should follow these practices on your phone as well. For instance, do you need those five messenger applications? Are you automatically downloading content across social media applications? Do your kids or grandchildren use your phone and download games?
Privacy hygiene. I know this will sound like the lecture you got from your parents many years ago, but here goes: Don’t give out personal information, especially your phone number, to strangers. Having your phone number will allow cybercriminals to trace you, physically and electronically, everywhere in the world. And remember that your colleagues, suppliers and customers store your name and other contact details on their phones as well. And this data can be easily exfiltrated by fraudulent applications installed on their phones to expose your number.
The more you use your phone for work reasons, the higher you expand cybersecurity threat vectors into your organization’s applications, databases and data. It’s like opening the door of your factory-wide open and handing strangers an access card to your mainframe and robotics equipment. It can only end badly.
As an executive, you should follow these best practices personally, but also support the deployment and administration of sound mobile phone cybersecurity processes for all employees. You are in a unique, dominant position to send the right message to your colleagues and subordinates. Your phone is every bit as much a computer as any desktop, notebook or server. Protect it accordingly.
More Great Dubai Route Stories
Saudi Arabia and Germany to enhance transportation system and economic relations
The British Council to pay GBP 3,000 for 10 university students in the UAE
Honeywell demonstrates continued commitment to Saudi Vision 2030
Hyundai Motor Group, Canoo to co-develop all-electric platform for future electric vehicles
TIME Hotels targets international expansion in Republic of Tatarstan
Audi and Ericsson present a further pilot project for 5G in production
All products recommended by Dubai Route are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission