Author: armour

Staying motivated and focused, keeping your nose out of the fridge or the biscuit tin, and keeping away from the distractions of social media, all the while managing home schooling and childcare.  There are many challenges to working from home – but also many benefits: no need to dress up, no long commute, more time with the family.

Security is another challenge, but may not be at the top of the list, particularly for those unused to working remotely.

Keeping sensitive or company confidential information private

People behave differently when they are in different environments, and this is equally true for work. When working from home there is often a tendency towards a more relaxed approach, and in an unfamiliar environment it is easier to make mistakes as the recent survey by CyberArk highlights: https://www.businesswire.com/news/home/20200603005158/en/Remote-Work-Study-Cyber-Habits-Home-Threaten

People may be using different computers/devices or different applications and they won’t be surrounded by colleagues to ask when they have a question about the changed look and feel of the IT experience.  Even those with a work-issued laptop, may find that applications look different to how they do in the office, for example, the need to use additional authentication during login, or to use a Virtual Private Network (VPN).

For all these reasons, people can be more susceptible to phishing and other cyber attacks; they’re in a different environment, using different systems, with different distractions. When everything is a bit unfamiliar, stress levels will be higher, and the ability to absorb new ways of working diminishes significantly. In our recent webinar Industry Leaders discuss the additional stresses of home working, and how to combat some of them: https://www.information-age.com/avoid-the-consumer-apps-how-to-collaborate-securely-and-productively-in-the-finance-sector

As well as an increased number of attack vectors, there are risks within the home

Shared devices – children using work laptops for home schooling may be going onto social media sites, clicking on unsafe links, downloading apps, etc.  The CyberArk survey reported that 29% of homeworkers admitted allowing other members of their household to use their corporate devices for activities like schoolwork, gaming and shopping. There are arguably as many risks in sharing your work device for non-work activities as there are in using an unmanaged device to access the corporate network.

Shared spaces – couples both working from home may be sharing a single office space, or the dining table.  This can present a myriad of issues, from overheard conversations within the household, to neighbours overhearing sensitive discussions via open windows/doors.  Screens may be on view internally and externally, yellow sticky notes with passwords left lying about, or paperwork left where others can see it.  At the very least, people should have secure home storage for papers and laptops.

Conference calls – we’ve all seen the videos that went viral of news reporters talking to camera as toddlers or pets appear in the background.  Where possible family members or housemates need to respect conference calls and those taking part in such calls should use headphones or earbuds with a microphone.

Extending the perimeter – cyber security at home

For years we have been warning against using WiFi in coffee shops and hotels, now organisations are reliant on the security of home WiFi!

There are increased challenges for corporate networks too, as they now need to learn to distinguish which ‘new users’ logging in from unknown IP addresses are staff working from home, rather than adversaries trying the hack the system.

People that are already stressed due to unfamiliar work routines and trying to balance work with additional home/family distractions are clearly more susceptible to the huge increase in COVID-19 themed phishing scams.

All of this means that IT and Security teams need to make extra efforts to keep remote workers safe. They need to show empathy and an understanding that security best practice is not second nature for non-techie home workers. They need to be prepared to provide extra training, but even that is not a silver bullet. As we’ve said plenty of times, security needs to be baked in, transparent to the user, and so easy to use that there is no temptation to look for workarounds.

Using the right tools for the job – what a genuinely secure app looks like

As was debated during the panel discussion at our recent Webinar (https://www.information-age.com/avoid-the-consumer-apps-how-to-collaborate-securely-and-productively-in-the-finance-sector/ ), apps are here and they are the future.  Organisations need to introduce Secure Enterprise Apps and give users the right guidance and support to use them. Our webinar demonstrates just how useable a genuinely secure communications app can be!

The security flaws in services such as Zoom and MS Teams have already been well documented https://www.bbc.co.uk/news/technology-52133349 with the new phenomenon of Zoombombing where miscreants join calls uninvited to listen in or hurl abuse. Consumer-grade apps, whether on the desktop or mobile devices, give no control of users on the system and no constraints on where confidential messages and attachments can be forwarded to.  There may be claims of end-to-end encryption, but what does that really mean? Do users understand what metadata they may be giving away to application vendors – data that can be highly valuable/useful in the wrong hands.

Consumer apps used for business where there is no audit, control or accountability, is a GDPR fine waiting to happen.

By providing the specific business apps to people to use for work, organisations can help their staff to delineate between business and social, keeping data safe, and separate!

As always, the NCSC gives some great guidance around working from home, how to communicate with staff and steps to take to ensure business data is kept safe; take a look at  https://www.ncsc.gov.uk/guidance/home-working

David Holman, Director, Armour Mobile

For some sections of society, working from home is now the new normal and, it’s looking set to stay that way.  We have seen several high profile organisations stating that staff will be working from home for the rest of the year and into 2021 https://www.zdnet.com/article/google-expects-its-staff-to-work-from-home-until-2021-and-its-not-alone/  This includes the likes of Google, Twitter, Facebook, Barclays Bank, and global ad and marketing agency WPP.

At Armour Comms, before COVID-19 we were totally committed to office based working. We thought that, for example, developers needed to be together to talk through problems and spark new ideas. We thought that people would be less productive working from home.

Now that it has been forced on us, we’ve been pleasantly surprised at just how well it has worked. Productivity is at least the same, if not better, and people seem to be communicating well (and securely), using our own technology.

Some of us have long commutes, up to four hours a day – that’s a huge amount of time saved, which all adds to a better quality of life.

However, for all the benefits both to the business and individuals, we do still need to maintain a sense of community and team.  We’ve hired new people during lockdown, and getting them up to speed, and ensuring they feel like they are part of the Armour family is harder without that face to face contact that we all actually quite enjoy.

Eating our own dogfood!

We’ve been using our own technology – in a real life situation, rather than testing it in the office where we have infinite bandwidth and excellent mobile coverage.  Now we’re running our business using Armour Mobile. Its working well (well we would say that wouldn’t we!), but its also given us an insight into some of those little niggles that all software comes with, and now we’re even more motivated to iron them out.

Feedback from our customers has been interesting too. For example, people need secure conference/video calls for two, three or four people, but they don’t always need to see 30 windows with a video of everyone on the call – bandwidth at home doesn’t often allow it. It’s giving us a focus on exactly where to improve the products.

So, Lockdown week 7 – what do we know?

• Working from home is just as productive – most of the time
• Keeping that feeling of being part of a team is much harder and needs concerted effort so that people don’t feel isolated
• People always find a way to communicate – so you must give them the proper tools to communicate securely
• Flexible working is here to stay, so we need to adapt to the new ‘normal’ in all aspects of the business.

You never know what to expect when a new operating system is released and after the problems with Apple iOS 13 there was a bit of unease amongst the Armour developers. However, for now, the rapid and challenging changes in the functionality available on Android mobile platforms have continued to open up opportunities for seamless integration with Armour Mobile.

Armour Mobile and Android push notifications

You may be asking yourself what are push notifications and why are they important? Well, push notifications are the messages received from apps to provide timely information or other communications from other people when you are not in the app or using your device. These push notifications are a communication channel provided by the operating system to apps that want to use them, and on Android this is done via Google servers.

And an added bonus to battery life too!

Without push notifications, you would need to have your app continuously running or open i.e. ‘always on’, therefore requiring power, and so impacting battery life.

The Armour Mobile app securely delivers and handles push notifications for calls and messages, alerting the user to the incoming call, message or other event notification. The result is that Armour Mobile notifications are now tightly integrated with the battery-efficient, low-level interactions that happen fairly continuously between Android devices and the network.

This seamless coordination results in more efficient battery usage and given the importance of battery life I think we can all agree this is a good thing!

Seamless integration without compromising security

Armour Mobile ensures privacy by not exposing any sensitive information within the alerts themselves: the call / message / video notification remains anonymised until the user is logged in to the Armour app and authenticated to see and receive the call.

So, although notifications will be delivered via the Android push system, users can be assured there will be no impact to security and privacy. Sensitive information remains within the control of the Armour Mobile app at all times. Security and great user experience are the foundation of all our solutions and now Android users get an additional bonus of great battery life too!

And for users who still wish to use Armour Mobile for Android in a totally self-contained environment without the internet or push servers, just adjust the app’s settings accordingly and it will continue to work just as reliably in your private network.

In light of COVID-19, Armour Comms is taking all precautions to protect staff and ensure uninterrupted service levels. We have robust business continuity plans which are designed to make sure that you as a client can get in touch with an Armour staff member, even in the midst of a global pandemic.

Enable Collaborative Working

With the recent developments most companies are looking at ways for staff to work securely from home. Armour Comms’ flagship product Armour Mobile will give you voice, video and messaging along with secure conferencing and file transfer which can be up and running within minutes from our commercial UK based cloud, also available with secure hosting from our partners.

Affordable Contracts

In order to assist our customers, we have relaxed our normal 12-month upfront contract to 3-months and will allow users to extend on a quarterly basis, with one-month cancellation.

Protect your Sensitive Data

With so many people likely to be home working in the next few weeks, trusting the security of large amounts of corporate data moving across the internet is an increased risk. Armour will mitigate that risk. CPA approval from HMG gives users peace of mind that our software, which is developed and supported in the UK, has been reviewed and our security checked by a third-party.

For further assistance, contact us at sales@armourcomms.com

Heart pounds, palms sweat…that moment when you realise your mobile phone is missing

Mobile device losses and crime stats

It was recently reported[i] that UK government employees lost or had their mobile devices stolen at least 2,004 times in the 12-month period from 1 June 2018 – 1 June 2019. Another study[ii] reported that across Transport for London’s (TfL) network, more than 26,000 electronic devices went missing between April 2017 and April 2018. The devices included mobile phones, tablets, laptops and even drones!

These figures dwarf in comparison to findings revealed by Direct Line Home Insurance[iii]. Its analysis discovered that over 67,000 mobile phones were stolen across the UK in a 12-month period, equating to 183 mobiles phones taken every single day. This figure is based on the number of mobile phones reported stolen to the police. Although a surprising statistic it is unlikely to be a true reflection of the scale of mobile phone crime as a large portion of thefts go unreported. In some more sinister cases, thieves do not intend to sell on the device because the information stored on it is far more valuable.

Keeping your phone secure

With mobile phones being so fundamental to our daily lives it should be a given that steps are taken to safeguard not only the device but the personal and sensitive information contained upon it. Here are our top tips to safeguard your mobile device:

1. Lock your home screen

Set secure passwords (not 1234!) and enable finger print biometrics if you have it. Locking your home screen not only keeps private information private, it also protects from unwanted eyes skimming through your phone.

2. Don’t store sensitive data on your device

But if you must store sensitive data on your device, make sure it is encrypted. Data is worth a lot to thieves, especially given the amount of further information that can be glean from a phone – so protect it.

3. Use secure messaging apps

Consumer grade apps are not suitable for business communications, a fact that WhatsApp themselves make abundantly clear in their terms of service. Keep confidential messages secure by using an app with significantly enhanced security built in.

4. Exercise caution with public USB cables and ports

Even better, only use your own USB cable in public ports and buy a portable battery. It’s not just about caution, they come in very handy if you don’t have a charging socket available.

5. Update your phone software

Software updates are more than about front-end features and functionality. They often include critical patches to security holes, so it’s important to apply updates regularly.

6. Set up remote wipe

If your phone is lost or stolen, you’ll be able to wipe all of its data remotely – and therefore keep it out of the hands of cyber criminals. You can often also use remote wipe to find your phone’s location.

For more guidance take a look at our blog based on the key Secure Communications Principles defined by the National Cyber Security Centre (NCSC).

[i] https://www.bbc.co.uk/news/technology-51572578

[ii] https://www.railway-technology.com/news/tfl-lost-devices-risk/

[iii] Direct Line analysis

Continuity planning is a key part of every business, and security should be an important part of that. After all if disaster strikes, the last thing you want is to attract a cyberattack from opportunists.  Strategies should be in place that enable people to continue to work and communicate, ideally, using systems that are already familiar.

Widespread flexible working practices means that for many organisations, people can simply work from home for a few days, or even a few weeks, should the need arise.  However, for some, the work they do relies on face to face conversations.  This can be due to personal nature of the conversations they have such as in the healthcare profession where doctor/patient confidentiality is an issue, or in the legal profession where sensitive negotiations need to take place face to face, or because of the security/covert nature of the work.   In all these cases, when a conversation with someone in the same room simply isn’t possible, it is critical that people have a reliable and secure means of communication to carry on business as usual.

If and when disaster strikes, staff need the most appropriate tools for the job, even if using their own devices.  While routinely allowing staff to use their own devices for reasons of convenience is good for productivity and continuity, the use of unmanaged devices also opens up the business to a whole range of security risks and unsafe or unregulated working practices.  A prime example is the use of consumer grade apps for business use, which is insecure and does not comply with GDPR regulations, as we explain here: https://www.armourcomms.com/2020/02/06/using-consumer-apps-for-business-use-is-illegal/?cat-slug=10

Here are five immediate benefits of using a specialist app to ensure that confidential conversations stay that way.

Five Benefits of Enterprise Grade Secure Communications

Protect all sensitive data – including metadata – It’s about more than just encryption. Enterprise-grade apps have a lot more sophisticated security features than simply encrypting your messages. Meta-data (details of who you called, where you made the call, how long you talked, for example) is also protected, and remains under your complete control (either on your premises or in our secure cloud).

Secure collaboration and increased productivity- Voice, Video, Conference, Attachments, Group Messaging. All the elements that enable you and your colleagues to collaborate productivity, knowing that your sensitive corporate information is fully secured

Limit the life of time sensitive information – with Message Burn messages, documents, videos can all be timed to self-delete (burn) after a set time. This is set by the sender and can be a set time after the message has been sent, or after it has been read.

Optional Audit Trail – For regulated industries, conversations can be audited, so even when using their own devices, staff are still compliant for business operations.

Fast One-click Provisioning – Users are able to download the app from the appropriate app store, and then approved by IT/Security with just one click.  The app can be decommissioned equally as fast should a device be lost or compromised, or a staff member leave the organisation.

Armour has a range of solutions designed to meet most use cases.  These include CPA/NATO/NCSC certified apps, a choice of 128 or 256 bit encryption, with or without audit capabilities that run on most off the shelf smartphones, and Win 10/MacOS desktops.

For more information on Armour Mobile, SigNet by Armour, or Medicomms by Armour contact us today.