If you saw someone walking down the street with their open wallet or purse in full view, you'd think they were being reckless. Who would just leave their personal belongs out for anyone to see or take? As individuals, we're conscious of the dangers of theft and conditioned to be careful with our belongings - but when it comes to our connected devices, any semblance of caution seems to disappear.
We see our smartphones, tablets and increasingly our smart watches as our vital means of communication and connection. So we move between work and leisure without changing our behaviour; we walk out of our office door talking on our phones or checking the Internet and complete our commute without a break in usage. By doing so, we are opening ourselves up to huge risk. Risk of theft. Risk of fraud. Risk of cloning. And, ultimately, risk of huge financial pain.
Studies show that people either don't understand these risks, or tend to revert to the age old adage of 'it won't happen to me'. With statistics demonstrating that cyber crime is increasing at a frightening pace, it's time to change our attitudes. It's time to treat our connected devices with the same duty of care that we afford our wallets and purses.
The first step in making this change is to better understand the risks related to the small devices in our pockets:
1. Your Lost Phone Is A Hacker's Treasure
Lost phones are the number one cause of data breaches. Our photos, emails, text messages and our apps can be an open door for thieves into our personal information, privacy and financial accounts.
2. Spoofed Hotspots
Spoofed hotspots are Wi-Fi access points created by hackers. The hotspot imitates a legitimate Wi-Fi access point provided by a nearby business, such as a coffee shop that offers free Wi-Fi access to customers. By logging into the Wi-Fi, an unwitting user accidentally gives the hacker access to their laptops. The hacker can then steal login credentials and redirect the victim to malicious websites.
3. The Inside Job
74% of businesses feel vulnerable to the insider threat. That is, a data breach caused by an employee - be it intentionally or unintentionally. Despite the modern hacker's sophistication, insiders have an unwavering upper hand over any external actor. That's because insiders like you and I already have access to internal files from our devices that then travel, in our pockets, outside of the business with us.
There's no denying that access to certain business information from wherever we are is a must, if we are to do our jobs well. The issue is that this access makes us a continuous vulnerability to business. Either through a careless mistake or purposeful action, an employee can create catastrophe for their business if business information on our personal devices gets into the wrong hands.
4. Missed Updates
We've all been guilty of it. You're rushing to hit a deadline, and you ignore that small notification that pops up in the corner your screen or notification pane on your phone, reminding you to install a new software update. You would never think that missing an update could leave your company or personal details vulnerable to cyber attacks. However, as the recent ransomware attack that hit NHS trusts across the UK shows, the failure to keep software up to date can do just that.
5. Fake Apps
Fake applications are on the rise. These impostor apps can trick you into revealing sensitive data or login details. Some can also install malicious software on your device that gives the hackers control over other functionality, or allows them to monitor your activity in the background, potentially watching which websites you visit or what you type.
Top Tips To Halt A Disaster
The best way to avoid these threats is with vigilance and care. Some of the very simplest security measures can make a huge difference. Always having password protection and enabling multi-factor authentication for services that offer it are a simple but very effective first line of defence.
If you work for a large corporation and/or often work remotely, it might also be worth talking to your IT team about the mobile security solution it has in place. There are solutions out there that can keep sensitive data on a phone, laptop or tablet completely secure, without you having to download anything onto your device. This also means that, if you ever lose your phone or tablet, your IT team could remotely wipe the important sensitive data quickly and easily, so you wouldn't have to worry about a simple mistake causing a catastrophic data breach for your company.
When using public Wi-Fi, simply make sure you don't access a hotspot that looks even the slightest bit dubious. If in doubt, check with someone who works in the location you're trying to access from (hotel, coffee shop, airport, etc.) and never access a strangely named hotspot, no matter how urgently you need to get online.
Security requires small, but necessary, changes to our habits. For example, making sure that you install software updates when prompted, unless told otherwise by your IT department. Always check to make sure your mobile apps are legitimate by looking closely at developer information. Check reviews to ensure they are not short and generic, as these are usually paid-for. If any requested app permission seem suspicious, avoid installing the app. When in doubt, always talk to your IT team about new software.
It really is time we take the same care over our digital identities and devices that we do with our physical possessions. With just a bit of know-how and a more concerted effort to take the threat seriously, we can help make sure our important information doesn't get into the wrong hands.