Posts

4 Critical Steps to Mobile Security (iPhones, iPads, Laptops)

, ,

Is your favorite gadget burning your bottom line?

No, I’m not referring to the unproductive hours you spend on Angry Birds. I’m talking about mobile security.

Why is Mobile Security So Vital?

Think about the most indispensible gadget you use for work – the one without which you cannot survive. I’m taking a calculated guess here, but I bet your list doesn’t include a photocopier, fax or even a desktop computer. Business people have become highly dependent on digital devices that keep them connected, efficient, flexible and independent no matter where they are. In other words, we are addicted to our mobile gadgets: iPhones, Droids, BlackBerrys, iPads, tablets, laptops and the corresponding Wi-Fi connections that link us to the business world.

To stay nimble and ahead of the game, we must be able to respond to any request (a call, email, social media post, text message), research anything (a client’s background, solutions to a problem) and stay current on what’s happening in our field of influence (breaking news, tweets) even when we are out of the office.

But the same gadgets that give us a distinct competitive advantage, if left unprotected, can give data thieves and unethical competitors a huge and unfair criminal advantage. The net result of organizational data theft can be devastating to your job security, your bottom line, and your long-term reputation. The solution, of course, is to proactively protect your mobile office, whether it’s digital, physical or both. Mobile security is not optional.

Data Thieves Target Mobile Offices

What is a mobile office? If you own any of the gadgets listed above and use them even in minor ways for work (checking email, surfing, social media), you have a mobile office. Smartphones and tablets are more powerful than the desktops of just three years ago. Laptops are the bull’s eye for data thieves, though their attention is quickly moving to smaller, easier-to-steal gadgets. If you work out of your car, travel for your company or have a home office in addition to your regular workplace, you are a mobile worker.

Ignoring the call to protect these devices is no different than operating your office computer without virus protection, passwords, security patches or even the most basic physical protection.  If you do nothing about the risk, you will get stung, and in the process, may lose your job, your profits and potentially even your company. The threat isn’t idle – I lost my business because I refused to acknowledge the power of information and the importance of protecting it like gold.

To protect yourself and your company from becoming victims of mobile data theft, start with the 4 Critical Steps to Defend Your Mobile Gadgets:

  1. Make sure that employees aren’t installing data hijacking apps (like the Chess app that was pulled from the Android Marketplace because it was siphoning bank account logins off of users’ smartphones) on their smartphones and tablets thinking that they are harmless games.
  2. Implement basic mobile security on all mobile devices, including: secure passwords, remote tracking and wiping, auto-lock, auto-wipe and call-in account protection.
  3. Only utilize protected Wi-Fi connections to access the web. Free hotspots are constantly monitored by data sniffers looking to piggyback into your corporate website.
  4. Don’t ignore non-digital data theft risks like client files left in cars, hotel rooms and off-site offices. The tendency to over-focus on digital threats leaves your physical flank (documents, files, paper trash, etc.) exposed.

John Sileo is an award-winning author and international speaker on the dark art of deception (identity theft, data privacy, social media manipulation) and its polar opposite, the powerful use of trust, to achieve success. He is CEO of The Sileo Group, which advises teams on how to multiply performance by building a culture of deep trust. His clients include the Department of Defense, Pfizer, the FDIC, and Homeland Security. Sample his Keynote Presentation (he shares how he lost $300,000, 2 years and his business to data breach) or watch him on Anderson Cooper, 60 Minutes or Fox Business. 1.800.258.8076.

Mobile Security Webinar: Defending SmartPhones, iPads, Laptops Against Cyber Attacks

,

Cyber Attack Webinar - John Sileo

  • Are iPhones, Droids and BlackBerry mobile phones secure enough to be used for sensitive business?
  • What is App Hijacking and how do I keep it from stealing all of my GPS coordinates, contacts, logins and emails?
  • Given that laptops account for almost 50% of workplace data theft, how do I protect myself and my company?
  • Are Wi-Fi Hot Spots a recipie for data hijacking disaster and what is the alternative?
  • How do I protect my personal and professional files that live in the cloud (Gmail, DropBox)?

Free Webinar – Cyber Attack: Data Defense for Your Mobile Office

In the information economy, tools like the iPad, WiFi and smartphones have shifted the competitive landscape in favor of mobile-savvy businesses. But are you in control of your information, or are you being controlled? Learn how to be in control of your critical information while protecting your business’ mobile-digital assets.

This Webinar series, sponsored by Deluxe®, is a multi-part interactive Webinar series designed to address these topics and provide simple, actionable tools to protect and enhance the efficiency with which you run your business.

In this class, Cyber Attack: Data Defense for your Mobile Office, you will learn how to:

  • Protect smartphones and tablets from common attacks, including app hijacking, Wi-fi Sniffing, Link Jacking and other criminal tools.
  • Weigh the pros and cons of cloud-computing model (Gmail, SalesForce, online billing).
  • Lock down Wi-Fi data leakage in the office and on the road.
  • Protect your traveling office in hotel rooms, airports and off-site offices

Interactive Q & A to follow. All registrants will receive a FREE Whitepaper after the webinar.

Tuesday, January 31, 2:00 – 3:00 pm EST | 1:00 pm – 2:00 pm CST | 11:00 am – 12:00 pm PST

Your Apps Are Watching You

,

Statistics say 1 in 2 Americans will have a smart-phone by December 2011. Many people keep their address, bank account numbers, passwords, PIN numbers and more stored in their phone. The mounds of information kept in smart-phones is more than enough to steal one’s identity with ease.

What most people don’t consider are the applications that they are using on a daily basis. What information is stored there? According to a recent Wall Street Journal article, more than you think.

After examining over 100 popular apps, they found that 56 transmit the phone’s unique device ID to companies without the user’s knowledge. Forty-seven of the applications transmitted the phone’s actual location, while five sent other personal information such as age and gender.  This shows how many times your privacy is potentially compromised without your knowledge, just by playing music on Pandora.

Here are a few of the culprits:

  • Textplus 4 is a popular text messaging app. It sent the unique phone ID to over 7 different ad companies.
  • Pandora, a popular music application for both smart-phones and computers sends age, gender, location and phone ID to many advertisers.
  • Paper Toss sends your phone ID to 5 different advertisers.
Smartphone providers such as Apple and Google state that they make sure applications get approval from users in order to transmit this type of information. Apple declined to comment after it was found that a popular pumpkin carving app was sending location information without gaining permission first.  Although it is written in Apple’s privacy policy that apps must obtain permission, this clearly is not happening. On the other hand, Google, creator of the Android, does not monitor their apps and what they are transmitting at all. Neither company requires their apps to have privacy policies and 45 of the 100 apps examined didn’t have one.
Here’s what you need to know in a nutshell:
  • Apps are capturing and transmitting a variety of your personal information. If you are using smart-phone apps, your information is being transmitted.
  • Paid apps tend to transmit less personal data than free apps. After all, the free apps have to make money somehow!
  • Get rid of any applications you don’t use.
  • If an app gives you the option to opt out of information sharing, take it.
Even if the application you are downloading and accessing does ask for your permission to gather location information, they don’t disclose who they are sending it to or how they are using it. With so many loop-holes, inconsistencies, and a lack of policing applications, it is clear your information will continue to be transmitted without your knowledge or permission.

Cellphone Security: Can You Hack into a Smart Phone?

Hack into a smart phone? It’s easy, security experts find.

In a new LA Times article security researchers Nick DePetrillo and Don Bailey have discovered a seven-digit numerical code that can unlock all kinds of secrets about you.

It’s your phone number.

Using relatively simple and some old-school techniques almost anyone can hack into your smart phone. With the new wave of cellphone applications and a lack in cell phone security, you are leaving your mobile device vulnerable to identity spies and thieves. Anyone, trustworthy or not, can create an iPhone application and with over 250,000 apps people are doing just that. How do you know that the application you are downloading and allowing to access your cellphone  is legitimate? In most cases – you don’t.

Apple says they do certify the security of every application they offer in their app store, but acknowledges that malicious applications have snuck through. The Android Marketplace and Blackberry App World place users in charge of their own security. Some of these malicious apps can track your location, read your text messages, listen to your voicemail and one was able to turn on your microphone to eavesdrop on the user.

Of course all of the application stores will remove false apps when they are aware of them, but it can sometimes be too little to late. When downloading applications do your research. Know which can be trusted and which should be avoided. If an application for a news site or game asks for permission to access your text messages your privacy reflex should go off telling you that they don’t need that information.

Always remember that common sense is your best defense against malicious attacks and identity thieves.

Read the Full LA Times Article.

John Sileo became America’s leading Identity Theft Speaker & Expert after he lost his business and more than $300,000 to identity theft and data breach. His clients include the Department of Defense, Pfizer, the FTC and the FDIC.  To learn more about having him speak at your next meeting or conference, contact him by email or on 800.258.8076.

Cell Phone Tapping Solutions | Sileo Group

cellphoneTapping Cell Phones: Identity Theft Solutions

Last week at an identity theft speech for the Department of Defense, I met two soldiers who alerted me to the new security risk of Cell Phone Tapping. SigInt (or signal interception) has long been a part of warfare and espionage. But the possibilities erupt with the advent of cell phone tapping. Imagine the conversation of a soldier being overheard by the enemy – deployment details, troop locations, command structure, strategic and tactical information. The prospect is terrifying for our national security.

This week, I was asked to help with a case of domestic abuse: the husband had installed Cell Phone Tapping Software (like computer spyware or keyloggers) on his wife’s phone prior to their divorce. During the divorce proceedings, he listened to every conversation, read every email and text sent from her phone, and could even control her calendar and applications (thanks to iPhone Tapping Software). Because of GPS tracking, he always knew where she was. When she switched to a new phone number and iPhone, iTunes must have synced the malicious software to the new phone along with all of the legitimate programs – allowing the abusive husband access to the new phone and continue stalking her. Cell phone tapping software allows the user to perform all of these tasks without your ever knowing it:

  • Silently record the entire text of all SMS text messages (allowing them to read all of your incoming and outgoing text messages)
  • Log information about each call (so that they know who you called, when and for how long)
  • Provide actual GPS positions (so that they know where you are anytime your phone is on)
  • Receive a text message when someone uses the cell phone so that the spy can call in and listen to everything being said (every conversation you have can be overheard and recorded)
  • Turn the cell phone into a remote listening device, even when the phone is not open or in use (allowing the spy to listen in on conversations anytime your cell phone is near)

Shortly after the identity theft speech,  I ran into this video from WTHR Indianapolis about tapping cell phones that corroborates all that I had learned – make sure you watch through to the end (you may need to double click to play the file):

If you are having trouble viewing the video, or want to see it in the original, please view their entire news story on Cell Phone Tapping.

Tapping a cell phone is quite easy with the right software (which can be purchased very inexpensively and legally). You see, the software was designed for “legitimate” purposes:

  • parents who want to track their child’s usage and text messages
  • husbands & wives who want to determine if their spouse is cheating on them.
  • businesses that need to enforce Acceptable Use in Vehicle Policies on company-provided phones or track their employees by GPS
  • law enforcement officials use the software to catch child predators
  • You can also back up your own cell activity as a record of all important text conversations and travels.

And now cell phone tapping software is being used by stalkers, hackers and identity thieves for around the clock surveillance.

Cell Phone Tapping Solutions

Until there is a better solution, your options are minimal:

  1. Password protect your cell phone so that only you have access (this isn’t as safe as it sounds, but it’s a start).
  2. Don’t allow anyone to have physical access to your cell phone if you think they have a reason to tap your communications (competitors, angry spouses, ex-partners, etc.).
  3. Consider turning off the GPS function when you don’t need it. This makes it harder for someone to track your location.
  4. Consider pulling the battery out of the phone if you are in a conversation where you do not want to be heard.
  5. Keep your eye open for software that detects spyware on your phone.
  6. If you have a cell phone issued by your company, they probably reserve the right to monitor your location and potentially to intercept your communications. Watch what you say.
  7. If you are in the military and feel like your phone is tapped, alert your S2 or InfoSec contact.
  8. Check back here frequently so that I can keep you posted on the latest developments.

John Sileo is an an award-winning author and keynote speaker on identity theft, internet privacy, fraud training & technology defense. John specializes in making security entertaining, so that it works. John is CEO of The Sileo Group, whose clients include the Pentagon, Visa, Homeland Security & Pfizer. John’s body of work includes appearances on 60 Minutes, Rachael Ray, Anderson Cooper & Fox Business. Contact him directly on 800.258.8076.