
Mobile Security: A Growing Concern in COVID Times

“One single vulnerability is all an attacker needs”
-Window Snyder

Mobile phones are becoming an efficient mode of communication and are making life easier. New models and more advanced technology are introduced to meet people's needs. With the ability to stay connected with people, pay bills online, store data, take pictures and use many other irresistible features, the mobile phone has become an indispensable part of human life.

While the different applications and features in a mobile phone make our lives easier, they also raise the risk of exposing our sensitive and confidential data to hackers.

How do hackers cheat people to get their devices hacked?

Hackers are very active and keep finding new ways to cheat people, such as fake emails and fake web pages. As people are in a state of fear due to Covid-19, hackers are taking advantage of the situation. They use Covid-19 themes to create urgency, and unaware people respond to this malware and become victims of phishing and hacking. Scammers pretending to provide support and help, by offering free meal coupons and similar offers, often trick people into believing that the offer is real. People unknowingly fall prey by clicking the malicious link and giving access to the personal information stored on their phones. Other attackers persuade citizens to download malware by impersonating health organizations conveying important health information and tips.

Mobile malware, phishing and hacking are becoming common threats in the mobile world. Protecting mobile phone data at the personal and the enterprise level has become crucial.

How to protect your data in your mobile phones?

Building awareness of security threats, training employees in security measures and taking sufficient precautions are good ways to protect mobile phone data.

Popular brands have their own expert teams to protect their products and their users from attack. For example, Google’s Threat Analysis Group (TAG) is a group of experts that works to protect Google's products and users from phishing and scams. They work continuously to identify new threats and scams in the market.

Various organizations provide several mobile security services such as Mobile Device Management (MDM), Mobile App Access (MAA), Data Leakage Protection (DLP), Identity Right Management (IRM).

Here are a few recommended security practices everyone should follow at the personal and the enterprise level:

  • Implement robust authentication measures
  • Ensure routine updates and data backup
  • Block suspicious applications
  • Continuous monitoring of connected devices
  • Perform regular health checks

Let’s consider each of these security practices in detail.

1. How to implement robust authentication measures in mobile phones?

At the personal level,

Setting a screen lock (there are a number of ways to lock your smartphone, depending on the model), removing unwanted apps, blocking ads and tracking malware on your phone, and keeping notifications off the lock screen are some of the simple and common ways to secure your mobile phone.

Some more advanced mechanisms for securing access are a pattern lock, a PIN, and biometric authentication with fingerprint and face recognition. To make the authentication even stronger, one can combine these methods with multifactor authentication.

The different levels of authentication that can be applied on mobile devices are listed below:

Username and password authentication is sufficient where the apps are not very sensitive. This is a common form of authentication among social media apps.

Dual factor authentication

This method adds an additional layer of security, making it harder for an intruder to get access to the mobile phone and its data. Here, a PIN along with a security token is used to authenticate users accessing the device.

Three factor authentication

Adding a biometric factor to dual-factor authentication makes access to the device more secure. Personal attributes of the user, such as voice or fingerprint, are also used to authenticate the user in this method.

Geographical location tracking and device information

Geographical location tracking and device information can help prevent fraud by providing limited access to devices.

Behavioural analysis

Bigger enterprises also make use of technology connected to behavioural studies. It helps track any unusual user activity. If any different behaviour is noticed at the user end, the user is subjected to re-authentication. This behaviour is also recorded in the Audit Analysis database for further monitoring and analysis.
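The levels listed above can be combined into a single access decision. The following is an added example, not code from the original article: the sensitivity labels, factor names, the 0.7 threshold and the behaviour score (assumed to come from a separate behavioural-analysis component) are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Factors required per app sensitivity, following the levels listed above.
# Sensitivity labels and factor names are assumptions made for this example.
REQUIRED = {
    "low": {"password"},                      # username and password
    "medium": {"pin", "token"},               # dual factor
    "high": {"pin", "token", "biometric"},    # three factor
}

@dataclass
class Profile:
    known_devices: set
    usual_countries: set
    audit_log: list = field(default_factory=list)

def decide(profile, sensitivity, presented, device_id, country,
           behaviour_score, threshold=0.7):
    """Return (decision, detail) for one access attempt.

    behaviour_score: 0.0 = typical for this user, 1.0 = highly unusual.
    """
    # 1. The factors for this sensitivity level must all be present.
    missing = REQUIRED[sensitivity] - set(presented)
    if missing:
        return "deny", sorted(missing)

    # 2. Unusual behaviour forces re-authentication and is kept for audit.
    if behaviour_score >= threshold:
        profile.audit_log.append(
            {"device": device_id, "country": country, "score": behaviour_score})
        return "reauthenticate", ["unusual_behaviour"]

    # 3. An unfamiliar device or location gets limited access only.
    signals = []
    if device_id not in profile.known_devices:
        signals.append("unknown_device")
    if country not in profile.usual_countries:
        signals.append("unusual_location")
    if signals:
        return "limited", signals
    return "allow", []
```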

The authentication mechanism that an enterprise adopts depends on its needs and its ability to adopt security mechanisms. Some enterprises use OTP to authenticate their users, which works well for their needs. Many banking applications use OTP as a means of ensuring security.

Other enterprises adopt PKI authentication, which utilizes a private, non-transferable encryption key stored on a hardware token. These are also recognized by government regulations.

2. Ensure routine updates and data backup

Ensure that updates are installed on mobile phones. Software updates for mobile devices include patches for security holes, so make sure to install each update as soon as it is available. A phone running an outdated or pirated version of the OS can be more prone to mobile malware and malicious attacks.

Data backup is an essential security procedure that must happen at the personal and the enterprise level. User data can be set for automatic backup. How much is backed up and how often can be pre-defined.

At the enterprise level, based on how much data there is to back up and the budget available for backup processes, organizations can choose appropriate media such as an external hard disk or a NAS box with cloud backup. Optical storage media such as CD/DVD and Blu-ray can be considered as cheaper alternatives; however, their lifespan and capacity can be limited.

3. Block suspicious applications

It is worth checking periodically which applications have been given access to your device. Malicious apps may contain a piece of code that can extract personal details and other critical data. Before a download, always check the permissions of the app, the number of downloads, and the ratings and reviews of the app. Do not download from third-party stores.

There is also good antivirus software available. Some are free, and some are paid but might provide better support. Based on your preferences, you may select a good one that meets your requirement.

4. Continuous monitoring of connected devices

Logging activities at various levels can help make access to a mobile phone secure. Logging text messages, social media activity, other web activity, application blocking and so on, in order to track any unusual activity, can bring better security.

Protection can be made stronger at the enterprise level by using security services from various providers. For example, with AWS Security Hub you can receive security threat alerts, using services like GuardDuty for continuous threat detection.

5. Perform regular health checks

With emerging technologies and evolving security risks, the security aspects have become a huge challenge. Strong security solutions must be in place to identify vulnerabilities and an organization’s risk against real-world threats.

The more we are technology-dependent, the more we are prone to malware and cyber-attacks. It is mandatory that every individual is self-aware about phone security threats and preventive steps to protect their mobile phone data. Every employee at the enterprise level must be trained for security awareness.

Even if all the necessary steps to prevent the threat are in place, the security threat cannot be eliminated; it can, however, be mitigated. There could still be attacks and losses, but those losses can be controlled in a reasonable manner if we are well prepared. Security breaches, violations of compliance law, data leakage and the like can cause severe damage to an organization’s reputation and to trust among its users and business partners. So it is critical to adopt sufficient security measures to protect the data in smartphones and mobile applications.

Implementing effective security measures, making data protection practices mandatory, setting defined protocols for lost or stolen devices, and spending money on security awareness among employees are worthwhile investments that benefit the organization in the long run.

“The only real security that a man have in this world is a reserve of knowledge, experience and ability”
Henry Ford

Making Secure Financial Transactions on Mobile: Always Do This!

Over the last few years, our mobile usage has grown enormously, and this leads to a huge risk of data theft. With the Government itself promoting digitalisation, there arises a discussion on the very interesting topic of securing financial transactions on mobile devices.

Security for mobile devices has been advancing in an enormous way. But, compared to computers within your home network, mobile devices can be less secure. Here are a few tips you can follow to make your mobile devices more secure and use them to perform transactions that are protected.

How to make financial transactions on mobile secure?

1. Do not download apps from untrustworthy sources

Do not download third-party applications from anywhere outside the App Store. Download apps only from the official app store for your device. Also, checking and verifying the following things before you download an app will help you secure all the financial transactions you are going to perform later.

Read Reviews and check the ratings

Imagine yourself as a customer who is buying a product from a shop. You would usually check the reviews and ratings of the shop and the products before making a purchase decision. In the same way, you should make a habit of reading the reviews and checking the ratings of an app before downloading it. There are apps that are fake and do not reveal much information on the app store. Going through the reviews and ratings will help you decide whether the app is useful to you and secure.

Number of Downloads

An app with a high number of downloads is more likely to be genuine and secure. An app with 1 million downloads makes it evident that there is a positive buzz created around the app due to its usefulness and security. A security breach will be less likely in case of such apps since it will affect the wide customer base they have.

Also, due to its huge customer base, the developer will usually have the budget and resources to maintain the security of the app even as the threats surrounding the mobile app evolve. So, using only the most popular apps is an easy way to secure financial transactions or any type of transaction on mobile devices.

Find the vendor or developer

The app store shows the contact details of the vendor/developer of the app. Find and read their security and privacy policies. Check whether your information is used for any other purpose and, if user data is shared with third parties, for what purposes.

Granting Permissions

Do you have a habit of granting all the permissions asked while getting the app installed on your device?

For convenience, users have a habit of granting all the permissions when installing a new app on their device, without checking what they are and whether they are really needed!

While granting all the permissions allows users to explore the features of the app, granting unwanted permissions may put you in trouble. Asking permission to access the camera or social media accounts may be appropriate for a video editing app. Messaging apps like WhatsApp ask permission to access your messages and contacts. But if a mobile app that is in no way designed to make calls or send messages or email asks for access to your contact list, that may be inappropriate, especially if the app was downloaded from an untrustworthy source.

So, make sure that only the appropriate permissions are granted while installing the app.
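The check described above, whether an app's requested permissions fit what the app is for, can be sketched for Android. This is an added example, not part of the original article: the permission names are real Android permissions, while the app categories, the expected-category mapping and the sample manifest are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Sensitive permissions and the app categories in which a request is
# plausible. Categories and mapping are assumptions for this example.
EXPECTED_FOR = {
    "android.permission.CAMERA": {"video_editor", "messaging"},
    "android.permission.RECORD_AUDIO": {"video_editor", "messaging", "dialer"},
    "android.permission.READ_CONTACTS": {"messaging", "dialer"},
    "android.permission.READ_SMS": {"messaging"},
    "android.permission.SEND_SMS": {"messaging"},
    "android.permission.CALL_PHONE": {"dialer"},
}

def requested_permissions(manifest_xml):
    """Return the sorted permission names declared in an AndroidManifest.xml."""
    root = ET.fromstring(manifest_xml)
    names = set()
    for element in root.iter("uses-permission"):
        name = element.get(ANDROID_NS + "name")
        if name:
            names.add(name)
    return sorted(names)

def unexpected_permissions(manifest_xml, category):
    """Return sensitive permissions that do not fit the app's category."""
    return [p for p in requested_permissions(manifest_xml)
            if p in EXPECTED_FOR and category not in EXPECTED_FOR[p]]

# Constructed sample: a calculator app asking for contacts and SMS access.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.calculator">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
</manifest>
""".strip()

if __name__ == "__main__":
    for permission in unexpected_permissions(SAMPLE_MANIFEST, "calculator"):
        print("review before granting:", permission)
```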

2. Strong Password Protection

The first thing a user does on a new mobile is set up a security password or pattern lock. The reason may be privacy more than security.

A strong password is a better way to protect your device. Nowadays, most smartphones offer at least one feature such as facial recognition, iris scan or fingerprint to secure the device, keep unwanted people from accessing it and protect all types of transactions done using it. These features offer more security and protection for your devices than a PIN or password can offer.

3. Keep your software updated

You must ensure that the software on your devices is up to date. Updating software regularly ensures more security: since updates often fix security vulnerabilities, hackers will not be able to use those vulnerabilities to their advantage.

4. Transactions only through secure mobile websites

In some cases, when you have no computer to access an online shopping portal and there is no app available on the App Store to help you, you will be forced to use the mobile version of the website. In such cases, using only a secure HTTPS connection to access the website is the first step to securing your transactions. This is a guarantee that any data passed between your device and the server is only shared between these two machines. Always check whether there is a padlock icon before dropping items into the shopping cart. The padlock symbol usually means that the transactions are protected and the webpage is secure. This also means that you should not do financial transactions through websites that do not show the padlock symbol in the address bar, or at the top of the screen in the case of mobile devices.

5. Don’t pass sensitive information through public Wi-Fi

Any information sent over public Wi-Fi can be accessed by those who have access to the network. So, use only your phone’s cellular network or your home’s password-protected internet connection for secure financial transactions.

6. Check bank statements and mobile charges

The majority of identity theft cases and cybercrimes involve financial fraud. So check your bank statements regularly and immediately report if there is any suspicious activity. Authentication through fingerprint can be enabled for banking apps on top of PIN or passwords authentication, allowing you to maintain more security for your financial transactions.

The Bottom Line

As technology advances, more techniques and methods are deployed to secure financial transactions. But fraud and theft are also on the rise, as culprits leverage the same technological advancement. It may not be possible to prevent all fraudulent transactions and data theft. These are some of the tips you can follow, along with investing in some type of protection, to stay protected to some extent.

This article is written by Sarath M V, Manager – Finance and Administration at AlignMinds Technologies