Importance of mobile device security – In the today’s world, it is very unusual to find anyone who doesn’t own some kind of mobile device. Mobile phones or tablets are manufactured by numerous number of companies and there are many different service providers that equip the majority of world’s population with mobile devices.

It is estimated that the number of mobile phone users by 2019 will surpass five billion people around the globe. In addition to the social and economical effects of this massive increase, there is a definite increase in the number of cyber crimes. Cyber criminals have taken advantage of this massive growth and developed methods to take advantage of the increased number of possible targets.

There are many opportunities for cyber-criminals to access their targets: through apps, operating systems and software, and by identifying and taking advantages of defects in security before the programmers do and a patch a released.

Threats to Mobile Device Security

An outdated view of hacking, malware or viruses would limit this activity to desktop computers or laptops. The reality is that mobiles are just as at risk. In fact, reported incidents are in the range of 16 million attacks. A mobile device can be at risk from several different methods, some of which include:

Malicious, or Insecure Apps

Malicious or insecure apps contain cyber security flaws in data storage, communication, or authentication practices, meaning they contain at least one common security vulnerability that can be exploited.

Data Sniffing

Data sniffing by capturing, monitoring and scanning traffic moving across a network. Active sniffingwill monitor traffic and it can also alter it in some way to the like of the attacking party.

Fake WiFi Networks

Fake WiFi networks poses as a legitimate wireless service provider to intercept information that users transmit.

Vulnerabilities

Vulnerabilities within operating systems can be used to gain control of mobile devices, and depending on the operating system and its software, some mobile devices can be easily patched. However, others may be more difficult to patch, which could leave them vulnerable.

Inactive Apps

Inactive apps that are installed on mobile devices but unused and have unsecured access to personal and corporate information pose a significant danger to devices if they are not uninstalled properly.

In addition to the above threats, mobile devices are also susceptible to physical attacks due to their portability.

But all is not lost. Here are some practical steps that will help you minimize the exposure of your mobile device to digital and physical threats.

Mobile Device Security Tips

Use strong passwords and/or Bio-metrics

Passwords are always important, but even more so when you consider that the device could be stolen and in the possession of someone who has unlimited access and time to try various values.

Screen Lock

The display should be configured to time out after a short period of inactivity and the screen locked with a password.

Remote Wipe/Sanitation

Many programs, such as Find my iPhone or Google Play Protect, even Microsoft Exchange Server (if an exchange email is configured on mobile device) allow you to send a command to the mobile device that will remotely clear the data on that device.

Physical Security

Mobile devices, such as tablets, mobile phones, and smartphones, must be properly stored and secured in a cabinet or safe when not in use.

Utilize VPN

Enforce the use of virtual private network (VPN) connections with a strong protocol like IPSec between the mobile device and enterprise servers, especially if connecting to an insecure open wireless network.

Encrypt your device

Data should be encrypted on the device so that if it does fall into the wrong hands, it cannot be accessed in a usable form without the correct passwords.

Disable Unused Features

Every feature has the potential to be another point of vulnerability in a mobile system, so it’s good practice to disable any features that don’t serve a purpose in your organization.

Install an Antivirus Application

A mobile antivirus solution will protect devices against malicious code (such as xCodeGhost and iBackDoor) embedded in apps. Here is a quick list of the most popular mobile antivirus application:

• Kaspersky lab (AppStore, Google Play).
• McAfee (AppStore, Google Play).
• ESET (Google Play).
• AVAST (AppStore, Google Play).

Disable Wi-Fi and Bluetooth When Not Needed

Disable Wi-Fi and the discovery setting on Bluetooth connections to prevent bluejacking and bluesnarfing attacks and avoid connecting to an insecure open wireless network.

Software Updates

Keep the mobile operating system and its apps up to date. Everything from the mobile operating system to the games and miscellaneous apps are potential gateways for hackers to compromise the mobile device. Updating mobile devices and apps on a regular basis ensures the best protection against most mobile security threats.

Other mobile device security tips

Perform Regular Mobile Device Security Audits

At least once a year, conducting mobile security audit helps companies keep their compliance programs up to date, effective and aimed in the right direction.

Perform User Education

Implement a continuous information security awareness and training program that teaches employees about mobile device threats and enterprise mobile device management and security policies.

The Bottom Line in mobile device security

Mobile device security should be a primary concern. It isn’t simple to accomplish, and new attacks occur every day through new vulnerabilities. You need to always be aware of and notice anything unusual that happens on your device.

We hope that the tips mentioned in these article will help to enhance your mobile device security. If you like this article please subscribe to our newsletter and share with your friends.

Also check out how can you raise awareness among employees enhanced mobile devices usage and various other information security domain here.

The post Mobile Device Security appeared first on CIATEC.

SSL certificate stands for Secure Socket Layer, and it is used to create an encrypted connection between website visitors devices (clients) and the server hosting the website.

In a nutshell, an SSL certificate is used to secure personal information that is being entered into a website such as usernames, passwords, address and credit card information.

SSL Certificate components

The certificate is composed of the following components:

• Digital signature of the issuing authority or the verifier
• The certificate key or serial
• Certificate expiry date
• Certificate owner

Do you need SSL certificate for your website?

If your website collects any sort of user information it will require an SSL certificate to keep the transfer of this information to-and-from the web server secure. Moreover, google chrome started in July, 2018 marking website without SSL certificate as “Not Secure”. So if you care about your search engine ranking, you definitely need to setup a certificate.

In the Let’s Encrypt era, where SSL certificates are given for free, the question is not whether you need a certificate for your website or not, because you most probably do. The question is whether you should go for a free or paid one.

When should you start paying for your SSL Certificate?

To answer this question first we need to look at the difference between free and paid certificates.

Verification Level
Free certificates provides domain validation (DV) only, whereas paid versions provide organization validation (OV) and extended validation (EV), meaning that they provide validation for the site owner organization and not just the domain name.

Duration
Free certificates usually have a validity period of three months while paid certificate can be renewed once every three years.

Support and Warranty
All paid certificate comes with backend warranty several support packages to purchase and tech support are only a chat window or email message away. Obviously, free SSL comes with no warranties and if something goes wrong on the verifier’s side, you’re on your own.

So both choices provide a website with the famous green https lock. But the bottom line is that free certificates are great for a blog or an informative website that does not have much more than a simple contact form and a newsletter subscription. However, if trust a major issue for online business- and in most cases it is- especially in e-commerce websites, then paid certificate is the only option.

Where to buy?

When it comes to paid service providers there are many choices, where budget and service levels are the most deciding factors. To name a few service providers:

• DigiCert – digicert.com
• Symantec websecurity – acquired by Digicert in 2017
• VeriSign – verisign.com acquired by Symantec in 2010
• Sectigo – Formerly Comodo – sectigo.com
• GoDaddy – godaddy.com
• Network Solutions – networksolutions.com
• Cheap SSL Security – cheapsslsecurity.com
• RapidSSL – rapidsslonline.com

Need help?

Hope that this article was helpful, if you require any help with setting up SSL certificate for your website let us know here. We’ll be more than happy to help.

The post What is SSL Certificate? appeared first on CIATEC.

If you are reading this on an iPhone, you might want to stop reading and immediately go into your settings and disable Facetime.

Apple confirmed an unpatched bug in group Facetime app that allows a caller to see and listen to you without even picking up the phone!

The bug was reported in January 21st by @MFT7500

My teen found a major security flaw in Apple’s new iOS. He can listen in to your iPhone/iPad without your approval. I have video. Submitted bug report to @AppleSupport…waiting to hear back to provide details. Scary stuff! #apple #bugreport @foxnews

— MGT7 (@MGT7500) January 21, 2019

It is worth mentioning that this major privacy issue was reported days before the world celebrated #DataPrivacyDay on January 28th.

The post [Awareness] Disable Facetime on your Apple Devices till a Patch is Released appeared first on CIATEC.