Dexter Edward Mobile Security Header

Mobile Device Security: Four Attacks to Look Out For

Dexter Edward Mobile Security Solutions

According to Forbes, 60% of people use a mobile device for work purposes. As mobile usage continues to increase, so does the risk of organizations mobile device security. 

Earlier this year, Amazon CEO Jeff Bezos’ mobile device was hacked through a specially coded WhatsApp message. 

This incidence raises an important point: if one of the most successful technology companies is vulnerable to a data leakage attack, then so are other companies. Mobile security is a major concern for companies in 2020. Nearly all employees routinely access company information through their mobile devices. As with other forms of hacking, knowledge and prevention are often the best defenses against attacks. 

Here are a few of the most common types of mobile devices attacks that are hurting your company: 

1. WiFi Interference

Mobile devices are only as secure as the networks they use to transfer data. Network spoofing attacks continue to increase, but employees often skip securing their connection and instead rely on public networks. This leaves the door wide open for cybercriminals to steal private information. Connecting  to an effective VPN is a simple way to close these doors and save companies from data loss. 

2. Data Leakage

Data leakage, also known as data breach or data spill, is the act of releasing secure or private information to an untrusted environment. This happens when users improperly setup apps on their mobile devices and inadvertently allow apps to see and transfer their information – which is exactly what happened to Jeff Bezos earlier this year. 

Another great example is an employee tracking workouts at a company gym, revealing the headquarters location. 

Data leakage can also be caused by accidental disclosure. Due to the small size of a mobile screen, users sometimes select the wrong recipient when sending information. It’s a simple mistake, but the consequences can be severe. 

3. Social Engineering

Social engineering is one of the top causes of data breaches on mobile devices. These threats typically start with email. Mobile email applications often only display the name of the sender, which makes it extremely easy for an attacker to pose as a high-level user in an organization and fool unsuspecting employees into sharing sensitive information or granting remote access to protected resources. Employees should always be skeptical of email requests for system access or sensitive data. 

4. IoT Devices & Out of Date Software

Internet of Things - Dexter Edward

These days, the latest lightbulbs, refrigerators, thermostats, TVs, tablets, e-readers, and watches might have more in common than you’d expect. Many are part of the IoT, or Internet of Things. An IoT device generally refers to any internet-enabled piece of technology that you might not expect to have internet access, and often doesn’t require human operation. 

And when it comes to network security, that internet-enabled thermostat or refrigerator might not be so “smart” after all. Any device connected to a network is a potential threat, and many IoT devices have glaring flaws in their security, and often unsecured software and unencrypted communication.

Many of these devices are not supported with software updates – essentially becoming an open door for hackers. As the popularity of IoT devices continues to grow, it’s imperative that users understand their flaws and how they can compromise a network.

 

What  can you do to enhance the mobile device security in your organization? 

1. Implement a strong company policy on mobile security. 

This might sound like an obvious solution, but a little can go a long way. Incorporating security requirements into training, policies, and everyday activities can help ensure employees adhere to proper security practices when using mobile devices. 

VPN - Dexter Edward

 

2. Invest in effective VPNs that are easily accessible for employees who work on the go. 

VPNs provide a convenient means of accessing a secure network for accessing sensitive resources. When it comes to everyday users, sometimes accessibility and ease-of-use are the best solutions for preventing security mistakes. 

3. Enforce two-factor authentication (2FA) on necessary applications. 

Though mobile devices bring new risks, they can also provide solutions. 2FA provides an additional authentication step during the login process that requires a code that’s sent to a specified 2FA device. With this method, an attacker with access to a set of user credentials will be unable to sign in without access to the user’s device. 

In this new decade of cybersecurity threats and solutions, is your company incorporating enough mobile security practices to ensure its safety? 

Dexter Edward offers a secure, customizable, and user-friendly VPN service that includes communication and collaboration services, file sharing, and much more. 

Contact one of our industry experts today to learn more about how we can protect your organization in the new age of mobile security threats.

IoT Encryption

IoT Encryption

IoT is Everywhere

Look around you. The normal household or office has at least one smart device (collectively called the Internet of Things, or IoT for short) nearby. Some have more. Some have many. They are useful, save time, and (let’s face it) fun. But just as the stick you played with as a child could have turned around at any moment and poked your eye out, so can the IoT devices of today puncture your Internet security without proper IoT Encryption.

Are we saying you should round up all your IoT devices and throw them into a burning cauldron? Of course not. Though they are all potential vulnerabilities, that doesn’t mean they can’t be protected.

IoT Encryption is Needed

By 2020, Cisco estimates the number of IoT devices will be around 50 billion. One year later, as Cybersecurity Ventures points out, the estimate increases so that there will be roughly three times as many IoT devices as there are people on the planet. Let that sink in for a second: three IoT devices for each human on Earth — all in just two years’ time. Three Internet vulnerabilities for each person on the planet. It’s time for action.

“But why are IoT devices so vulnerable and how did we get into this mess?” you ask aloud to Alexa and Siri. Siri isn’t listening, but Alexa offers to order you an economy pack of paper towels to clean up the “mess.” The short answer to your two-part question is money.

IoT Devices on desk

People like devices they can talk to, devices that let them do things from afar, and devices that let them take control over their world (even if just in such a small way as customizing the color of a light bulb). Companies saw this like of such devices and began pumping them out at insane speeds. Other companies ripped off (or reverse engineered or both) the tech from these first companies and started selling budget IoT devices. This is how we got to the size of the mess. But what about the actual mess?

The mess part involves the software on the devices themselves and the way this software interacts with the Internet. Quite often, especially for the budget IoT devices, the software is composed of copy/pasted, Frankenstein-ed code that accesses the device in your home or office and passes through an Internet portal. This is how you can click an app at work and turn on a light at home. These are the holes in your security we were talking about earlier.

Now, big companies are always testing, improving, and updating their code to improve their customers’ experience and, more importantly, to make their devices more secure. But sometimes they don’t. Often (for both big companies and budget IoT device companies), there is little care about the security of the product, as the company makes its money on the sale and (quite often) the service the product offers. Once the company has your money, their goal has been achieved. But this lack of updates leaves devices vulnerable. And thus, the hole in your cybersecurity becomes a tear.

IoT security

A solution is needed to protect your organization from these tears. Of course, you could just get rid of all your IoT devices, but that’s not going to happen because they are just too much fun (okay, and some are very useful). IoT devices are not just gimmicks or novelties—many have an actual use in your organization. The only solution is to protect them since they won’t protect themselves. We do this by surrounding them with the encrypted protection of Fognigma.

IoT Encryption is Here

Fognigma is a patented enterprise software solution that allows organizations to build invisible, encrypted, and secure networks. [For more information, please visit the About page at https://fognigma.com/why-fognigma/.] Users connect to their organization’s Fognigma network(s) using software (desktop client or mobile app) or hardware options (a Gateway to protect an entire facility or a Wicket to protect a computer, phone, or office).

Let’s zoom in on the Wicket, since it protects devices and not facilities. A Wicket is a small, portable piece of hardware that can be installed between your router and the public Internet to protect multiple devices. Once configured, the Wicket routes all your Internet traffic through a Fognigma network, protecting it with FIPS 140-2 Validated, cascading AES-256 encryption. To protect a single device, a Wicket is configured between the device and your router to attach to a Fognigma network. This small, portable device will help plug all your IoT cybersecurity holes and tears.

An example: You plug a color-change IoT lightbulb into your desk at work so you can have a disco party each Friday. The bulb reaches out through your organization’s Internet connection to a portal run by the manufacturer and then back to the app on your phone. A third-party evildoer can see that there is a connection from your phone to the portal and from the portal to a device inside your organization’s cybersecurity shield.

IoT lightbulb

This gives the evildoer two things: the proof needed to associate you with your organization and a path to follow to breach your organization’s defenses. It’s obvious how bad the second part is, but the first is equally disastrous. [To learn more about why association can be devastating to your organization, read our blog entry on the importance of dissociation.] When connected to a Wicket, however, what a third-party evildoer can learn is decidedly different as the device is enveloped in an invisible shell of, in this case, IoT encryption.

Your app’s connection to the portal will still be visible, as will the portal passing on information to somewhere. BUT the somewhere will not be associated at all with your organization. You see, Wickets allow traffic into Fognigma, but when traffic leaves it goes through an exit point created by your organization to exist almost anywhere in the world. And once that signal passes into your Fognigma network and back to the IoT device, it is invisible to external observation.

This is how Fognigma assists with IoT encryption. This is how Fognigma can plug the holes insecure IoT devices can rip in your cybersecurity. This is why you should contact Dexter Edward today for more information or to schedule a demonstration.