Let's see if I can guess your daily habits. You wake up, probably to an alarm from your mobile device, you roll over and check your email, schedule, and see what the day has in store. From there, you get ready for your day, starting off the morning with some light surfing of social media and news sites, order a coffee on the way to the office—potentially from a mobile app, and the day begins. Sound about right?
It's okay if this sounds familiar. This is almost everyone's daily routine—including mine. And the one common thread that ties this together, regardless of preferred apps, social sites, and so on, is the fact that your mobile device is at the epicenter of it all.
So, what's the issue? After all, with more than 2.9 billion mobile devices worldwide, representing a total of 5 million apps available for download between the Apple app store and Google Play store, what could possible go wrong? Do you really want the answer?
Before we get into the real nitty gritty of mobile cyber security issues, let's first talk about the nature of information on the device itself, and how it can pose a very real and imminent threat to data security.
Long before information leaves your phone, many private data files can be easily accessed by other people who may have access to your device, or through specific apps that may be granted access (or through special circumstances may natively have access to passwords for purchases, etc.), all these pose a threat. In fact, some apps can even access other apps—you see where this is going?
So now let's discuss the connectivity issue. If people and apps can access information that in turn can be sent to … well ... somewhere. This brings about an entirely new set of challenges. And to be clear, none of this is yet to be determined as nefarious. Apps are just apps, but they rely on data to perform their intended functions. It's where the data goes that is the issue.
The first weak point in the chain is the server, as any information shared between the app and the host has to go through one. The best defense for server side vulnerabilities is to implement a simple scanning technology to ensure nothing is being shared that shouldn't be shared.
Now, to get slightly technical for a moment, and I promise only for a moment, there is the issue of something called Insufficient Transport Layer Protection. In a nutshell, this is the route that data takes when leaving the device and traveling to the server itself and back again. If the transport layer is insufficiently secured, hackers can intercept the data. One of many ways to prevent this is to simply require a more robust SSL chain verification.
Okay, so now back to the not so technical, but equally important. Mobile device types such as iPhone and Android are always connected to the cloud—and the cloud is not some magical place that’s hosting your data, it’s just someone else's computer. This connection means that the apps residing on those device types are in constant contact with each other and the outside world.
The biggest issue here is that app developers may not implement the best security protocols, meaning that your apps could be making security decisions on your behalf as to what to share and what not to share—unfortunately, sharing information that you wouldn't on your worst day authorize. This can put you at risk. In these cases, it may be difficult to know what is being shared. This is where mobile device management together with mobile security can greatly help mitigate risk.
In all, I don't mean to scare anyone—perhaps just a little if only for education and safety. Mobile devices remain a major security risk for companies of all sizes. The best defense, find a cyber security partner who knows how to lock these and many more issue down to ensure data remains safe, and people's lives are not affected.
And if you're interested, we are just a call away—that is if you dare use your mobile device to call us in the first place ... maybe email would be better? Oh wait ...
December 14, 2021
LOG4j Vulnerability: What You Need to Know to Protect Your Network
This week, cybersecurity and IT teams around the world are scrambling to protect their networks and data from the Apache Log4j vulnerability. This high-risk vulnerability, which has the potential to affect millions of Java-based applications, is being actively exploited, causing a full-blown,...
October 28, 2021
Sacha Gera, President of IT and Cyber Solutions, weighs in on today's top cybersecurity threats faced by businesses.
The Ottawa-based leader and Forty Under 40 recipient has nearly twenty years of experience in SaaS industries, professional services and M&A, working in technology for both start-ups and large multinational organizations, such as IBM, Nortel and CGI. Sacha joined Calian in September...
Case Study | COVID-19 Response Services
COVID-19: Resources Available for Crisis Response
Calian’s team of emergency management specialists and healthcare professionals are available to support your COVID-19 response. Read more about our services: