Rogue Users – What would you do?

Trump and his foreign nation state eavesdroppers

According to a recent article in the New York Times, conversations on the President’s mobile phones are being listened to by the Russians and Chinese.  As we’ve reported on many occasions, listening in to standard mobile phone conversations is fairly straightforward with IMSI-catcher from just $20, and especially with the resources of a nation state.  The article goes on to explain that the Chinese are monitoring who the President talks to and who influences him.  They are learning what arguments tend to win him over and using that intel to avoid a trade war, so the story goes.

How interesting are your users?

All this begs the question, if the Secret Service, CIA and FBI can’t control one rogue user, how can any organisation be sure that their employees toe the line when it comes to security? As ever, Bruce Schneier articulates the problems of security of mobile devices in his blog very well, and makes the point that it’s not just the President and other heads of state that are at risk.  Anyone who is potentially interesting to criminals or commercial competitors could find themselves subject to eavesdroppers, whether a CEO of a quoted company, any number of sales people, company executives, product developers with trade secrets and intellectual property to protect, or government officials involved in a trade negotiation – I imagine all those involved in the current Brexit dealings are under a huge amount of scrutiny!

Good advice – but does anyone listen?

The UK’s National Cyber Security Centre (NCSC) has a plethora of advice and user guidelines.  All of it is written in easy to understand language, specifically for organisations to re-use with their own employees. Its advice for end users is a case in point.

While all of this seems fairly basic stuff, if you live and breathe cyber security as we do, the following are still good ways to avoid the majority of cyber threats:

• Use strong passwords and don’t reuse them between different accounts
• Be careful which apps you download
• Only use secure/known WiFi connections
• Don’t leave your device lying around
• Don’t open phishing emails
• Don’t visit dodgy websites
• Be extra careful about what networks you use when abroad
• Only use secure methods of communication when dealing with sensitive information

Making security invisible

The inconvenience of not being able to make a call, send a message or text exactly when you want to is just too much for many workers who are under pressure to perform in today’s always on culture.

Security has to be designed into the apps that we use daily and has to be almost invisible to the end user.  And if you are asking them to use a different app or process to the consumer-grade equivalent, it had better offer at least as good a user experience.

Contact us now for more information about how Armour Mobile can provide a highly useable and secure alternative to consumer-grade communication apps.