How secure are your mobile communications? Top tips from the NCSC (part of GCHQ)

In a world where it seems acceptable for the US President to routinely use an unsecured mobile phone vulnerable to monitoring by foreign intelligence services we should all be thankful that the UK’s National Cyber Security Centre (NCSC) continues to work to “make the UK the safest place in the world to live and work online”.

According to the Centre for the Protection of National Infrastructure (CPNI), the UK is a high priority espionage target . Cyber espionage may use any form of cyber attack to steal classified, sensitive data or intellectual property to gain an advantage over a commercial competitor, company, government or nation state, but equally almost any individual (whether of high net worth, or having some knowledge or role of importance) may be a cyber espionage target. In order to achieve success, a cyber-criminal will attempt to identify and then exploit any perceived weakness within your protective security measures and mobile communications are a key area of risk, especially as they are increasingly used as an authentication mechanism for all sorts of logins and financial transactions.

When looking at securing mobile communications, be it voice, video or messaging services, it is important for any solution to deliver 3 key outcomes; confidentiality, integrity and authentication, i.e.

• keeping your communications private and protected from prying eyes / ears;
• making sure that those communications haven’t been tampered with; and
• ensuring that the communications are actually coming from the person you think.

While you might think selecting any mobile app that mentions the word “encryption” in its description will solve the first point, not only is this frequently not the case, but security and privacy have much broader considerations, even including where you’re holding your conversations (for a humorous yet worrying example, talking loudly about business on a train . The rapid increase in cases of fake audio (and now fake video) for fraud shows the dangers of compromising integrity or authentication… and we haven’t even got to the insecurity of carrier networks or how everyone is installing audio and video bugs ‘helpful assistants’ everywhere!

So, please go take a read through the advice from those savvy people at the NCSC on the key Secure Communication Principles for all your organisation’s important communications.

As you might expect, Armour’s products are designed to meet these secure communications principles from the ground up, and over the coming weeks we will be highlighting some of the details behind the principles and how you can apply them.