Cyber security on mobile devices, from end user to business user. Digital Trust (ep.1)
The impact of continuous technological changes on the way people interact is a visible one, especially when talking about the mobile devices used (smartphones, tablets, etc.). This technological evolution (and the inherent cyber risks) affects the culture and the way we expect to have access to information and to each other. And these expectations are brought by employees to the workplace when making the transition from end user to business user.
But when you can't just rely on trust (or the users’ cyber security knowledge in the context of amplifying attacks in the online environment), there are solutions you can call upon.
End user. Tips for vulnerable consumer categories - children and the elderly
When discussing accessing Internet resources through mobile terminals, we must first consider the vulnerable categories of consumers, namely children and the elderly.
Especially in the case of children (future business users), an early cyber education is essential - not only for the obvious reasons of protecting them, but also for creating a solid knowledge base that will lead to the development of correct behavior in the online environment. For these, it is recommended to set up parental control schemes that target the accessed content (websites, social networks, applications, etc.), with the possibility of resorting to solutions pre-installed in mobile operating systems (if any) or to third-party solutions. The latter are installed on the mobile device (smartphone, tablet), allowing the device to be located in real time, checking the accessed content and even setting an access period to the online content (period of time / day).
As far as the elderly are concerned, the prevention of potential cyber scams (most of them financially) is done primarily through information - the methods of fraud and how they occur must be known in order to detect and counter them easier. From phishing emails or phone calls (i.e. the "accident" method) to fake banking sites, investment frauds or fake banking sites (which you can find out more about here), all of us can be victims of cybercriminals, but the risk increases for this vulnerable category.
Business user. How do you protect company data when the employee uses the work phone for personal purposes?
Most of the times, the mobile terminals made available by the companies to the employees are used for both professional and personal purposes. The problems arise in the context where attacks by mobile applications and social networks (and who does not use them?) unfortunately happen on a daily basis. Precisely because they are the best and easiest malware distribution channels (a large number of users translates into a large number of potential victims), they are also the most common means of becoming victims of cybercriminals.
In these situations, the question is how can we protect the data of the company from the activity of the user in its private environment? Especially since there are multiple cases in which - as a result of accessing personal email, social networks or after installing certain applications on the service phone - cybercriminals get access to sensitive company data.
There are solutions that allow the separation of the two areas (business-personal) by applying different security policies depending on the area in which the user works, certSIGN providing and implementing customized solutions on specific business scenarios for each client.
What can be done through these solutions:
• whitelisting - establishing a list of applications that the user can install;
• blacklisting - establishing a list of applications that the user can NOT install;
• encryption of areas containing business data;
• activating or deactivating certain functionalities of mobile devices (eg camera, location).
Thus, business applications are generally found in a secure area, where there are other security measures, passwords, access credentials.
The conclusion? As mobile devices have become extensions of users, we must accept that the way a person interacts with / manipulates personal data will always be reflected in the way he/she interacts with / manipulates business information. In short - a cyber security "educated" end user will be a bussines user ready to understand and counter potential risks.
Find out more on this topic from certSIGN specialists at Radio Guerrilla!
(invited Dan Ionuţ Grigore, Cyber Security Director certSIGN)