Nice Data, Shame if it was stolen!

For the last 18 months to two years I have been touting the emergence of the security threat that is inherent when cloud-based systems, mobile devices and BYOD are combined. It is not just that they are inherently insecure, although they are; it is the combination of the three into a complete package where security compromise becomes apparent.

The mobile device has changed the face of business. It has changed the way we work and how we sell products and services – if you haven't got a mobile-capable website you are so 2012. It has also given the bad guys, hackers and data thieves, much easier access to your personal information and your money.

Here is what I am talking about:

Compromised websites

It is not that hard to compromise a website. Once it is compromised, it is also not hard to plant a cross-platform script that will attack visitors' browsers through Flash, Acrobat, or Java. Once this is done, that script can do anything it is programmed to do: it connects to the command and control centre and you no longer own the device. Very nasty.

Everything on the device

For most people the mobile device, whether it is a phone, a tablet or both, contains critical information concerning the owner. If it is lost, stolen or misplaced then all of that information needs to be recreated – do you have a backup of all of the information on the device? If it is an Apple then probably, but Androids do not have that stopgap measure, so a lost Android system can spell major problems for the owner.

Insecure passwords

When it comes to the cloud the major problem is usernames and passwords. Complicated usernames and complicated passwords make a brute force or rainbow table attack pretty problematic for the attacker – this is good. In addition to this, if your data is in a cloud environment or data centre, don't tell anyone except internal staff. This is just another facet of the cloud phenomenon that you need to be aware of.

Immature apps for devices

The app market for devices is huge. It is a billion dollar industry that is only going to get bigger, BUT at present it is so immature that some apps are not worth the 0.99 that you are asked to pay for them, never mind some of the free ones. In addition to this, the idea of securing their applications is an alien concept for some developers. Apps will ask you to allow them to do something – always read the request, and if you're on a BYOD device then make sure that the kids are not installing apps without your knowledge.

I still believe that paranoia should be a major component of your online life. It is not just that you think the bad guys are after you and your information; in fact, they are.

Roger Smith is an educator, teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not-for-profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course, which are considered to be the definitive guides to helping SMEs protect their organisation using the principles of Technology, Management, Adaptability and Compliance.
