It’s October, which means it is Cyber Security Awareness Month! The entire month of October is dedicated to raising awareness for cyber security in our everyday lives, and I feel the next few weeks of blog entries should reflect that.
Cyber security isn’t just something we need to worry about in a corporate environment. Quite the opposite: when the average person is aware of the cyber security concerns that can hit them, they will be that much more diligent in their corporate lives as well!
This week is Phone Week, which means that we will be focusing on key items and tasks you can do to protect that immeasurably useful device we have all come to be dependent on, our smart phone.
Operating System (OS) Updates
Did you know that your mobile phone can get an upgrade? It’s true, and it’s quite important. We know all about Android and iOS, the classic operating systems of Google and Apple respectively, but we don’t always realize that they are operating systems similar to Microsoft Windows or Apple OS X on our laptop and desktop computers. These mobile OSs can also contain vulnerabilities that need to be patched, just like our regular computers, or those vulnerabilities can have some nasty consequences.
Mobile OS updates are fairly straightforward and should be done regularly. Some phones will do this automatically, but I would strongly recommend checking regularly, maybe once a month, just to see if there is a new update available. The Government of Canada has a great little video available on updating your mobile phone that you can watch here.
If you’ve never heard of smishing, you’re not alone. It’s one of those words that was made up by a security researcher who was being clever. It is essentially phishing via an SMS (or text) message on your phone. There are a few different phishing sub-classes like smishing, such as vishing (voice phishing), spear phishing (targeted phishing against a group or company), and whaling (phishing that targets high value targets like executives).
Smishing messages will often include a short link URL, e.g. a URL from bit.ly, TinyURL, or a similar service. The idea is to hide the original URL, which most likely is a phishing site designed to steal your credentials. Other smishing messages may tell you to text STOP or similar words to a 6-digit number. These may be texting scams that serve to either verify your number works, or charge you a fee for sending messages to that number, similar to how some charities work. When in doubt, contact the supposed sender a different way, such as calling them on a publicly posted number. Never click on links or send text messages unless you are absolutely certain you know the sender. The Government of Canada has some more information about different forms of phishing that you can check out here.
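For readers who triage reported texts, the two warning signs above can be checked automatically. The sketch below is an added example, not part of the original article; the function name, the patterns, and the sample messages are constructed assumptions, and a match is a reason to look closer, not proof of a scam.

```python
import re

# Shortener hosts named in the article; extend this set for your own triage.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com"}

# Links in SMS often omit the scheme ("bit.ly/abc"), so it is optional here.
# The lookbehind stops a match from starting in the middle of a longer name.
LINK_RE = re.compile(
    r"(?<![\w.@-])(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:/\S*)?",
    re.IGNORECASE,
)

# "Text STOP to 778899": a keyword sent to a 6-digit number.
SHORTCODE_RE = re.compile(
    r"\b(?:text|reply|send)\s+(\w+)\s+to\s+(\d{6})\b", re.IGNORECASE
)


def smishing_indicators(message):
    """Return the warning signs from the article found in one SMS body."""
    found = []
    for match in LINK_RE.finditer(message):
        host = match.group(1).lower()
        if host.startswith("www."):
            host = host[4:]
        # Exact host comparison: "bit.ly.example.com" is not bit.ly.
        if host in SHORTENER_HOSTS:
            found.append(f"shortened link via {host}")
    for match in SHORTCODE_RE.finditer(message):
        found.append(f"asks to text {match.group(1).upper()} to {match.group(2)}")
    return found


# Constructed sample messages, not real reports.
SAMPLE_MESSAGES = [
    "Your parcel is on hold, pay the fee at bit.ly/3xAmPle",
    "You are subscribed. Text STOP to 778899 to cancel.",
    "Lunch at noon?",
]

if __name__ == "__main__":
    for sms in SAMPLE_MESSAGES:
        print(smishing_indicators(sms) or "no indicators", "<-", sms)
```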
I love multi-factor authentication, and it’s usually one of the first things I instruct a client to enable if they haven’t done so. Google has an excellent report on how effective multi-factor authentication can be that I highly recommend. Given most multi-factor processes use your phone, this is a great item to include in this week’s article.
There are lots of options when discussing multi-factor apps, but I would recommend using Authy over Google Authenticator for one simple reason - it is a lot easier to migrate your multi-factor codes from one phone to another! Authy allows you to use a backup password to migrate between phones, provided you are using the same phone number. You can do this with Google Authenticator as well, but the process is a lot harder than it should be, so Authy gets my vote.
Another thing I want to remind people is to copy down those backup codes when you enable multi-factor authentication! I keep mine in my password manager as a secure note for each site. Trust me, they come in handy if you lose or break your phone and you really need to get into a particular website.
Would you like to learn more about why multi-factor authentication is so important for cyber security? Check out another article from the Government of Canada!
Happy Cyber Security Awareness Month
Hopefully this week’s article provided you with some insights on how to better protect your smartphone and improve your own cyber security posture. Please share this with some non-technical people in your lives, since ultimately the better all of us can do, the better all our companies can do against cyber security threats.
At EliteSec, we would be more than happy to discuss the security concerns you may have at your organization and how we can help to bridge those gaps. Contact us today and we’ll have a candid discussion on what pragmatic solutions we can come up with for your unique needs.