It’s that time of year again, when everyone is making predictions for the year ahead. One of the key themes being cited for 2021 is Digital Identity. To be fair, digital identities have been around since there were online systems that required passwords or authentication of some form. And it’s certainly nothing new in the cybersecurity world.
BUT, there is an increasing awareness within the population at large, that protecting your digital identity matters.
Cyberattacks have doubled this year
With many more people working from home, with more distractions (home schooling, sharing workspaces with partners for example) and with heightened levels of stress, phishers, scammers and hackers have had an exceptional 2020. It is widely reported that cyberattacks of all forms have doubled year-on-year during 2020 as criminals took advantage of the disruption caused by the pandemic. We are all susceptible to a clever social engineering scam, as the recent experience of broadcaster Jeremy Vine demonstrates only too well when his WhatsApp account was hacked: https://twitter.com/thejeremyvine/status/1327076111096958978?lang=en
Early in the summer news broke of several high-profile figures that had had their Twitter accounts hacked in a Bitcoin scam, https://www.itgovernance.co.uk/blog/catches-of-the-month-phishing-scams-august-2020, including Bill Gates, Elon Musk, Kanye West, Kim Kardashian West, Barack Obama, Mike Bloomberg and US president elect Joe Biden. Even Apple’s official Twitter account endorsed Bitcoin with a message.
At the risk of sounding like a stuck record, the greatest cyber risk to business is from people and processes (the insider threat).
The dangers of free messaging apps – again!
The Jeremy Vine example is worrying for the ordinary person and, to his credit, he has tried to draw as much attention to just how easy it is to be sucked in. However, it should be doubly worrying for companies that still sanction (or at least turn a blind eye to) the use of WhatsApp by employees. Even though people may not actually be using WhatsApp, or any other form of free, consumer grade messaging app for business communications, if their personal account is hacked, every contact in their address book could be compromised.
Have a think about who is in your contact list – would you want business colleagues, people you are negotiating sensitive deals with, prospects, customers, industry bodies, government officials, your CEO, to receive a message purportedly from you, when in fact it is a criminal pretending to be you?
Apart from the potential embarrassment, what about brand value and reputation? It doesn’t give a good impression does it? And once your account is hacked, what about the rest of the information you have on your phone? How confident are you to share everything that is on your phone with the rest of the world?
Keep your contacts close
Keep your friends close and your enemies closer still, goes the old adage (actually from the Godfather II, but often attributed to Sun Tzu or Niccolo Machiavelli). This is really quite relevant to how we manage our connections today. Everyone’s contact details should be treated with the same respect, not least as it is a requirement of GDPR (which still applies after Britain has left the EU). However, it’s not just a problem for WhatsApp and its ilk, even well respected apps such as Signal have this problem when anyone can join a group. Or to be more precise, everyone who installs the app is automatically in the amorphous, worldwide group of users, where anyone can contact anyone else.
Business communications, and that includes contacts directories, should be compartmentalised to avoid embarrassing phishing hacks at best, and data loss motivated by industrial espionage, or state-sponsored attacks on national security at its most serious.
With Armour Mobile organisations are able to centrally manage individual groups of users as well as to apply personnel changes, keeping contact directories for everyone up to date efficiently. Armour Mobile has its own Contacts list into which users can add other users’ contact details, as well as import Contacts files. Users from different departments or groups can communicate if they are white-listed, which can be managed centrally. With business contacts stored within Armour Mobile, if someone’s consumer-grade messaging account is hacked, their colleagues won’t receive compromising messages, nor will they be tricked into communicating with scammers and criminals, and all that that implies.
For more information on how to protect digital identities, and sensitive business contacts, contact us HERE