Mobile Security
Key to mobile security for law firms? Be smarter than your device
For the full article visit law.com>
September 2021
How many people in the UK own a smartphone?
Well, according to Statista the smartphone penetration rate in the United Kingdom has increased each year, reaching an overall figure of 92 percent for 2021. It might not be a spot on figure but one thing’s for sure – smartphone ownership in the UK is almost a given which means there are many millions of devices being used day in, day out. Smartphones are readily enabled to access the internet and most owners do precisely that. In fact, due to COVID and the impact on working conditions seeing many of us working in a remote/hybrid fashion, people have increasingly been using smart devices to access the internet in response to working from home or on the hoof. So what, you might say? What often gets overlooked as the mobile phones from 10 years ago have morphed into compact, yet powerful computers, is that these modern smart devices are extremely powerful surveillance units that can store all manner of tracking information too. Throw into the mix advanced camera and microphone technology and you begin to understand the potential for disaster.
We live with the reality that the once ordinary communication tool is now a potent device that needs to be used responsibly on the basis that there is a cybercriminal fraternity hellbent on accessing said devices for ill-gotten gain. Such devices are certainly not spared from the ravages of cyberattacks. And don’t think that hackers are only interested in big business targets – they know full well that you and I can potentially provide a lucrative backdoor into such businesses via our personal or business device. Cyber thieves can plunder all sorts of data from your device – ranging from sensitive personal information right through to important company data. To compound things further, people often use their personal devices for work purposes (and sometimes vice versa). And they do so under the assumption that all is locked down and secure (when it isn’t), often doing things on these devices that they wouldn’t ordinarily do on the office computer.
And so we have witnessed the growth of an extensive industry whose core activities are to secure and empower the productivity for workers who now are able to work in distinct locations and frequently use their devices for both work and personal use – most people now work and manage their personal lives in a digital fashion. And one of the main threats to protect against in this landscape is phishing.
Recent findings by cybersecurity provider Lookout make grim headlines. For example, they discovered that over 50% of consumer users had encountered at least one phishing attack during the first half of 2021. And the mass commercialisation of spyware, in a similar vein to phishing tools, also poses a widespread risk. Probably the most efficient way to distribute phishing links is via social engineering. Mobile phishing is an extremely effective modus operandi for hackers, they can deliver mobile malware to their victims via a phishing (sometimes also called spearphising) link. A particularly contentious example of phishing/spyware is the story behind Pegasus. This particularly powerful example of spyware (Pegasus) has the capability to insinuate itself onto your phone, turning said device into a de facto surveillance device. It first was discovered when a journalist had been sent a link from an anonymous mobile number offering tidbits regarding a human rights story they were working on. And with an untold number of iOS and Android apps that have messaging functionality you offer cyber criminals a perfect entry point for attack (i.e. SMS, email, social media or even third-party messaging apps.
And mobile devices merely serve to hugely increase the potential attack surface for any organisation. Think about it. They are able to access the same information as a PC from practically anywhere but are usually used outside of an organisation’s security boundary. The massive proliferation of mobile devices and the resultant increase in attack surface is a perfect storm for cyberthieves – they wait like spiders, waiting to pounce on employees everywhere who have access to sensitive company data and information.
More and more people own smartphones and increasing numbers of people are blurring the lines between personal and work use when it comes to these devices. With the cybercriminal community rubbing their hands together in anticipation of further soft targets, make sure that your organisation takes the necessary steps to secure all devices – these communication tools are not immune to cyberattacks or spyware. Hackers will steal sensitive/personal information, company data and any other digital assets they think might be of value. At least make it difficult for them.