If there’s more to security than encryption – what else do you need?

Cybersecurity

We live in an age where we use our personal smartphones not just for messaging or social media, but potentially for business communications, emails, sensitive documents, banking and as an electronic wallet. Findings from a report[i] that analysed mobile phone thefts for England and Wales back in 2016, revealed that 446,000 mobile phones were stolen in a 12-month period. That is equivalent to 1,222 phones taken each day, and it’s only going to get worse!

When we lose our phones it’s not just the inconvenience and the cost of the handset to take into consideration, it’s the loss of control over our information, both personal and business data. Most smartphones are remarkably easy to access, should a phone fall into the wrong hands. The first defence should be a device password, however according to figures from the crime survey, only 53%[ii] of users have a pin code protecting their device and an awful lot of PIN codes use birth years or other easily guessable numbers such as 1234 [ref: http://www.datagenetics.com/blog/september32012/index.html].

Device Encryption – How good is your password?

Encryption on the device, otherwise known as encryption at rest, protects contacts, messages and confidential documents within an app. If the phone is lost or stolen, the finder or thief can’t read the data on the device without also having the user’s passcode or biometric fingerprint.

However, there is so much more to security than just encryption. For instance, the National Cyber Security Centre (NCSC) recently published its first UK Cyber Survey[iii] which reported that breach analysis found 23.2 million victim accounts worldwide used 123456 as a password. Encouraging users to make good password choices is a vital part of protecting business data, and it doesn’t stop there.

Jailbreaking and App Permissions

With a jailbroken iPhone, it is possible to install apps and tweaks that aren’t authorized by Apple. However, by doing this it also removes the tough security protections that Apple has built into iOS. Keep in mind that not all apps are created equal; some may be harnessing malware that can snoop on users by stealthily hijacking the microphone to record conversations. Jailbreaking is very risky and exposes the phone to malware as it completely removes the protection that Apple built into both iOS and the iTunes App Store. It undermines the phone by fundamentally changing the whole operating system. However, a user can cause just as many problems by installing apps that request a swathe of unnecessary permissions, allowing access to location, audio, files, contacts, etc. that the app doesn’t need, but for commercial or malicious purposes reports back to the app vendor.

Secured communications end-to-end

If data isn’t encrypted, anyone who happens across a phone can get at the files within pretty easily; with encryption added, accessing the same data becomes more difficult. Because cracking encryption is so difficult, it is rarely the attack vector – there are so many easier options, as we’ve just discussed.

Armour’s on-premises solution allows for encryption key generation and management to be controlled within your own premises, allowing administrators to decide on how long a user’s key is valid. Armour also provides the flexibility to have the on-premises solution deployed within the local infrastructure or to the cloud. This provides organisations with the option to host key generation and user data in a secure location, with the internet facing services either in the cloud or in an organisation’s external-facing server zone.

With Armour solutions all user information, including names and numbers are kept private. All data is encrypted within the infrastructure, including signalling (which is the process used to set up the call or message). All messages are encrypted, so they are protected while awaiting forwarding to the recipient (if they are temporarily offline).

Group messaging – are your lists protected?

Armour Mobile Group Messaging provides all of the functionality seen in consumer-grade messaging apps but with enhanced security. With commercial offerings such as WhatsApp, users are part of a global contact list and potentially could be contacted by anyone. Armour Group messaging is a closed user group and only those you add to the system can call and message others. Users can be removed and added to the group as appropriate (whether their phone gets lost or they simply leave the organisation).

The solution enables users to create groups from their Armour Mobile contacts list via a simple process. Once a message is shared, the app confirms the message is sent, and who has received it, listing exceptions (i.e. those that have not received the message because they are offline). Group Messaging also enables voice memos, pictures, video clips, documents and other file attachments to be sent to a group instantly and securely, enabling broader collaboration and communication across organisations.

The security delivered by closed messaging virtually eradicates the risk of opportunistic phishing and fake URLs attacks as messages are confined to within the nominated group of users and Armour’s cryptography includes built-in authentication.

Information Governance

With Armour on-premises, all data can be stored in a known location (e.g. the UK), supporting compliance with the General Data Protection Regulation (GDPR) by controlling exactly where personal data is being stored and processed.

The on-premises solution delivers functionality to audit the system; identifying users and calling and messaging records. The solution also offers the ability to review even the contents of the call or message itself, if needed for legal or regulatory purposes, without compromising the security of the communications between the users.

Additionally, Armour on-premises offers added security to all meta data, a topic we wrote about in this blog (What does your smart phone say about you?). The solution ensures the meta data is kept private, under the control of the organisation and inaccessible to another party.

Protecting your device and your identity

Encrypted devices don’t just secure our data, with the amount of personal and business information stored on our devices today, good device encryption protects our identity.

Even if a thief can’t access a bank account via mobile banking, they could use other information on your phone to perpetrate identity theft and fraud. With many of us using budgeting and expense-tracking apps, these contain sensitive information about spending habits, which thieves can use to avoid raising red flags with a bank or credit card company. By developing good cyber habits to protect sensitive, private and business communications, users are also actively safeguarding their identity and are less likely to be a victim of identity theft, financial fraud or phishing scams.

Cyber crime is sharply increasing and attacks are growing more sophisticated. It is no longer international governments that should be concerned about lost or stolen devices, with confidential business dealings and commercially valuable information stored on smart phones and laptops, organisations should be assessing the risk and acting.

Armour’s solutions for secure communications work on everyday smartphones, tablets and Windows 10 desktops. With the same usability as consumer-grade apps, but with significantly enhanced security it could be the answer to your security needs. Contact us today to discuss a solution.

[i] ONS Gov Crime Survey England & Wales

[ii] Home Office: Reducing mobile phone theft report

[iii] NCSC UK Cyber Survey 2019

Other news you may be interested in

The latest selected blogs from our clients, and sometimes a thought leadership piece or comment from ourselves too.