It’s been a tough 18 months for everyone, and as things start to get back to some semblance of normal in the UK at least, many people are enjoying a bit of down time. Some are playing PCR bingo and going abroad, while others are stay-cationing.
When staff are in holiday mood – will they throw caution to the wind?
While relaxing on holiday, will your employees remember your security protocols? The harsh answer is probably not! It’s not just the corporate information stored on personal mobile devices, or business devices that are also used for personal use, that could be compromised, it is their own personal privacy.
With the spectre of mobile network roaming charges (due to UK leaving the EU), some people may choose to use standard voice calls to keep costs down, but these easy for hackers, malicious actors (eg. business competitors) or foreign network carriers to intercept.
When taking business devices abroad, how does your organisation manage the export controls of taking data overseas?
On a personal level, will staff remember not to access their banking apps over an untrusted (hotel) Wi-Fi connection?
There’s a lot to think about – especially when people are fatigued by security measures in their working lives that can make getting ‘the job done’ that bit more laborious.
Personal Privacy is being infringed – Every day
Enlightened self-interested is as big a motivator as any to get people to follow corporate policy. When it comes to personal privacy versus what some describe as the surveillance state, many people are of the opinion that if you’ve done nothing wrong, you’ve nothing to fear. Recent stories in the press highlight the error in that thinking.
One such story to hit the headlines concerns Pegasus spyware manufactured by Israeli company NSO that is for sale to governments and other organisations for the purposes of surveillance. A data leak revealed how the spyware has been used to target journalists, human rights activists, politicians, government officials and business executives around the world. A list of 50,000 mobile phone numbers of potential targets has been uncovered.
This is one example of a ‘list’ that no one wants to be on. There are other databases of mobile phone numbers that people are not aware they are listed in. A recent BBC article told about how the reporter received a call via WhatsApp from someone she didn’t know. The caller had got her number from a database held in the US (there are many companies collecting and monetising personal data, scraped from a variety of online sources which allowed someone to link her WhatsApp account and personal phone number).
Live Facial Recognition (LFR) – is now a reality, and so concerning that UK Information Commissioner, Elizabeth Denham recently voiced her concerns about the technology. When CCTV cameras are overlaid with LFR, for instance, in a shopping centre, it could be used for identifying known shoplifters, or for serving up personalised adverts to shoppers. Safety or an invasion of privacy?
Another story to hit the more technical journals is news that Apple is to introduce new scanning software to detect Child Sexual Abuse Material (CSAM) on people’s iPhones. No one would argue that cracking down on the peddling of CSAM and the apprehension of paedophiles is anything but a good thing. However, in this case, the method is being called into question because it introduces a security and privacy weakness in Apple’s operating system, that previously enjoyed a robust reputation. It doesn’t take a huge leap of imagination to see how this type of well-meaning surveillance could be appropriated for more political or sinister purposes. Indeed, there has been such a degree of public outcry that Apple has now announced it is deferring the launch of the service.
Corporate Duty of Care
Infringements of personal privacy can impact business. Most people are wedded to their mobile phones, making these devices a tempting and lucrative attack vector. Not only may perpetrators be able to steal the user’s identity, they may also gain valuable commercial information, or indeed, that might be the very reason for the attack in the first place. It is in the interest of any organisation to educate and protect its employees.
Products such as Armour Mobile and SigNet by Armour are delightfully easy to use, and yet provide a much higher level of security than consumer-grade apps.
In today’s world of increasing surveillance, anyone who handles sensitive or commercially valuable information on their mobile phone, needs to consider protecting it, and with that, their own privacy.
Contact us today to see how we can help your organisation protect your employees personal privacy and with it, your corporate IP.