How to Troubleshoot Apps for the Modern Connected Worker
Cyber security and mobile devices
1. Cyber Security
Mobile Devices and On-line Threats
Cyber Security
Mobile Devices and On-line Threats
Presented by: Umer
Saeed
2.
3. What is Cyber security
• The term Cyber dates back to the 40’s and 50’s and originates
from the word Cybernetics, which dealt with rise of Control
systems and human interaction with it.
• In simple terms, today the word Cyber indicates Internet or
having to do with computers e.g. Cyber fraud, Cyber security.
• Since its widespread acceptance, Internet has become home of
virtually every activity and huge amount of valuable data.
• Some of that data is extremely valuable and pertinent to
corporate and national security which naturally attracts bad
actors resulting in Cyber Crime and espionage
• Cyber Security deals with the defensive operations carried out
to defend valuable data on computers and especially on Smart
phones against threats like virus, malware, ransomware,
hacking, phishing and various other malicious attacks.
4. Why is Cyber Security more important than ever
• Exponential growth in use of technology and mobile devices to
process data
Massive use by corporations and people
Governments, businesses and people, rely very heavily on various forms of
information
Information, big-data, market statistics are now the key business success factors
Impacts rich and poor, young and adults, men and women
Exposes digital devices users to risks, regardless of gender, age, status
Because these devices play an Irreplaceable role in our daily lives
Abundance of technology and big-data has attractions for cyber criminals
5. Why is Cyber Security more important than ever
• Growing possibility of threats to our privacy and security
HOW - Prejudice about security products/practices due to
Lack of awareness or availability of cheap security solutions
Unavailability of trained security professionals
WHERE - Lack of understanding of magnitude of risks posed to our integrity
Governments, enterprises, businesses and common people fail to realize the
impact of security incidents
WHY - Little awareness by relevant authorities, media and education institutes
The laws on Cyber crime, data leakage, defamation are in their early stages
and provide little deterrence
WHEN – High probability of risks due to
always on, always present mobile/storage devices (e.g. USB sticks, Memory
Cards. Smart phones)
6. Why is Cyber Security more important than ever
• Lack of training and education at grass root level
Lack of awareness of Cyber crime laws, basics of frauds and prevention
Uncontrolled access to harmful mobile apps and websites before proper training
Easy access given to toddlers, teenagers without proper training
Ignoring recommended privacy settings for social media (Facebook, Whatsapp)
• Non-negotiable for business sustenance and growth
Every business needs to operate On-line safely to stay relevant and in touch
with market and its growing consumer base
A requirement for reaching emerging and developed markets
Rapidly rising on-line market as compared to traditional businesses
In most cases, the damages of Cyber crime are irrecoverable
7. Why worry about Mobile devices?
• Mobile devices have largest market share for Internet access
More smart phones sold than Personal Computers and Laptops combined
Easier to carry and operate in contrast to laptops
Offers similar and in some cases, better computing and storage
• Hides in plain sight
Exposed to more threats than a larger device e.g. Laptop
Easy to steal, snatch, abuse data and in some cases leaking corporate resources
Use in public places, large gathering exposing to Fake Wifi and MITM attacks
• Used for same tasks as we perform on Laptops/PCs
Storing and processing Corporate information on the go
Storing confidential files, sensitive and exploitable information
Little or no security for Photos, Online copies of Financial and bank records etc
Hardly any mobile has anti-virus or firewall
8. How Businesses can protect against Mobile Device threats
• Know what needs protection
●
Know what information assets are important for your business to operate effectively
Ensure strictly devised data classification policy exists and is adhered to for all data
Provide training to users to process data diligently according to classification
●
more you invest to train your business/family people, less are the chances of security incidents
Evaluate the cost of data leakage and protect information assets accordingly
●
Cost of data leakage is the cost need to gather same data and same reputation. Two very
different things and yet crucial for business survival.
If you don't get involved, don't expect anyone else to be. Security is a Senior management
responsibility.
9. How Businesses can protect against Mobile Device threats
Protection of Information Assets
Never use pirated PC/Software to process data that is valuable to you, your family or business
Use strong encryption to protect data during operations (i.e. storage, processing, transmission)
Use Firewall, Intrusion Prevention, VLAN, DMZ, honeypots to protect sensitive data
Maintain regular off-line backup of valuable data. Test backups for possible recovery scenario
Avoid using USB sticks to store UN-encrypted data, at all costs
Avoid using Open WiFi and hot-spots in Coffee shops, airport and bus terminals. Use Mobile data.
Use strong passwords. Use pass phrases if possible.
Do NOT share sensitive information over social media
If costs are concern, use Open Source software. There’s an open source software for every need.
Hire only trained professionals to be custodians of information assets.
10. Three basic rules of protection
Protect
Business data
• Train staff and show your
involvement
• Classify Data and employ
controls matching data
sensitivity
• Genuine skills, software and
technology
Protect
Personal data
• Education about abuse of
personal data and misuse of
Social Media
• Use built-in cloud/App-lock
features to prevent device
misuse
• Encrypt valuable data, if you
have to keep on mobile.
11. About Presenter
• 20+ years in Systems and Networks Management, Security
• Held roles with prestigious organizations like British Council,
Arabian Co, ISACA
• Avid supporter of grass-root level, easily available security
education, awareness and training for youth
• Believes in adapting Linux in home as well as corporate
environments to end piracy and security issues
• Trainer for CISA, CISM
fb.me/FutureNOW