All posts by SecAdmin

Cyber Risk Makes The Top 10

AON Risk Solutions, a global risk management firm, recently released its annual survey results.  The 1400 survey respondents included CEOs, CFOs, and Risk Managers, capturing varying perceptions of risk.  For the first time, cyber risk is listed in the top 10, reinforcing its emergence as a key risk factor.

 

Damage to brand and reputation was cited as the top overall concern by survey respondents.  Cyber risk has been regularly linked to brand and reputation damage in the wake of data breaches.  C-level respondents ranked financial and economic risks higher, while risk managers were more concerned with liability-related risks.  Cyber risk’s addition to the list is seen as a sign of agreement, from the boardroom across the organization, on its impact.

 

The top 10 risks are:

  • Damage to reputation/brand
  • Economic slowdown/recovery
  • Regulatory/legislative changes
  • Increasing Competition
  • Failure to attract/retain top talent
  • Failure to innovate/meet customer needs
  • Business Interruption
  • Third Party Liability
  • Cyber Risk (computer crime/hacking/viruses)
  • Property Damage

Be Smartphone Smart

Security is different in the Mobile First era.  We live in a time where it’s assumed everyone has a mobile phone and that it is “smart”, meaning internet-aware, email-connected, and remote-control capable.  We carry more computing power in our pockets than was used to put Neil Armstrong on the moon.

With smartphones, information technology has been consumerized and data lives everywhere.  Personal and business applications and data coexist on the same device.  And, because possession of these devices usually equals control of device content, our risk of losing confidentiality, privacy and security has never been greater than now, in the Mobile First era.

Being smart about our smartphones includes realizing that attacks can come from more directions, or vectors, than with any other technology we possess.  First, let’s look at some of the attack vectors, a vector being the approach used or the vulnerability exploited to gain access.  Just as an airplane vectors in for landing, multiple vectors to your smartphone are available to cybercriminals.

Smartphone Attack Vectors

Small and handheld
Thus, much more susceptible to loss or theft. 

  • A Harris Interactive poll found that 1 in 5 consumers had a smartphone lost or stolen in the past year.

Hyper-connectable
Your smartphone is built to connect easily.  Connectivity is the reason you have it.

  • Your smartphone connects using WiFi and/or Bluetooth technology. 
  • Unless you have a specific reason for a specific period of time, Bluetooth should be off.  Bluetooth is like the single guy at the bar, broadcasting continually “Hey, I’m available”.  It advertises your phone as available for two-way connections.
  • In our search to be always-on and avoid using our data plans, we look for WiFi networks.  The problem is, many of these are unsecured with unknown service providers.  Yet we connect and send secured information over them.  Hackers make it a point to stake out public places such as airports and coffee shops, broadcast networks usually with names like “Free WiFi”, and hijack your connection. 

Jailbreaks
We decide we still like our phone but not our carrier. 

  • So we “jailbreak” from our carrier to move to a new plan. 
  • The problem is we are also breaking the phone’s security model.  In addition to removing the phone from security updates, phones from the same manufacturer have the same default user ID and password.  These credentials are exposed on jailbroken phones.  For example, all iPhones have the same user ID, which provides hackers access to everything on the phone.
  • Going back to the “Free WiFi” network above, hackers look for jailbroken phones by trying the universal user account on every device they find.

Data Loss
Smartphones contain confidential data that can be pirated:

  • To cloud services using copy, paste and forwarding functions
  • Using the phone’s camera, or another phone, to take screenshots

Risky Apps
Not all apps are what they say they are or disclose what they do. 

  • Some simply pirate your personally identifiable information for a hacker’s own use.
  • Others provide your PII and location history to third parties without your permission.  Which may explain why the birds are angry.

Smart Tips for your Smartphone   

Record Your Phone Information
Send yourself a screenshot of your IMEI or MEID and serial number, and save this somewhere other than on your phone.  This information is usually found on the About screen in your phone’s settings.

Be Aware Of Your Surroundings
Many mobile device thefts are crimes of opportunity.  Using your device in public, particularly public transit, or leaving it out makes it an easy target for a grab and run thief.  If you’re on a train or bus, put your phone down or away when the doors are open. 

Don’t Let Someone Borrow Your Phone
This is a variation of the above.  If someone asks to borrow your phone to make a quick call, be prepared to chase them. 

Treat Your Phone Like Money
Exercise the same care with your phone you would with a $100 bill.  You probably would not leave $100 at your table, or ask a stranger to watch it, while you retrieve your coffee order.  The personal and financial data and account credentials on your phone are worth more than $100.

Report Mobile Device Thefts Immediately
To your carrier, local law enforcement, and the help desk (if your phone has access to firm technology). 

Make Sure Your Phone Has A PIN And Screen Lock Timer Set
We enforce these settings on phones accessing firm technology.  These safeguards should be in place on all your mobile devices. 

Use Security Apps

Apps like Find My Phone, Absolute LoJack and Lookout can help you locate, lock, and erase lost or stolen phones.  Some apps guarantee recovery, allow you to set an alarm on the phone, or take a picture of the thief.  Antivirus apps are also available and recommended for most phone models.

Regularly Back Up Photos And Personal Data
Back up photos, videos, contacts and other data you’d like to retain to USB drives or cloud storage like iPhone, so you still have them if your device is lost.  Your smartphone probably has this service already installed.  Most can be configured for automatic backups.

Erase It
If you have a security app or a firm-managed phone and regular backups, erase it when you lose possession of it.  If your phone is firm-managed, contact the help desk.  An engineer will be assigned to remove your firm information and credentials.  The longer your phone remains unrecovered, the greater your risk of financial and personal information loss.  Remember, device possession almost always means control of the phone’s contents.