Free Wi-Fi Hotspots Are a Major Security Threat for Businesses
From “Free Wi-Fi Hotspots Are a Major Security Threat for Businesses”
BetaNews (04/21/16) Fadilpašic, Sead
A new report from iPass Mobile Security shows that Wi-Fi hotspots are the biggest security threat for mobile workers. Ninety-four percent of companies surveyed said the hotspots are a “significant” threat and 62 percent of organizations are banning their mobile workers from even using the hotspots. Another 20 percent are planning to do the same in the future. Free Wi-Fi spots were considered the biggest threat, followed by lack of security attention from employees and the specific devices in use. In the era of bring your own device policies, and the proliferation of various forms of mobile devices, enforcing these rules is becoming more difficult. Mobile workers, against everything a company may tell them, will seek out free Wi-Fi because it is convenient. The report noted that simply banning access to hotspots is “not the solution.” Instead, companies must educate their workers about the dangers of insecure free Wi-Fi and provide them with the appropriate tools to access a secure connection while remaining productive.
| Web Link
Hackers Only Need Your Phone Number to Eavesdrop on Calls, Read Texts, Track You
From “Hackers Only Need Your Phone Number to Eavesdrop on Calls, Read Texts, Track You”
Computerworld (04/18/16) Storm, Darlene
Hackers can listen into and record calls, read texts, and track locations, with access to nothing more than a phone number, according to a 60 Minutes report. According to the report, “every person with a cellphone needs Signaling System Seven (SS7) to call or text each other. The SS7 network is the heart of the worldwide mobile phone system.” However, the network is flawed, according to security researchers who have been warning about SS7 protocol vulnerabilities for years. Some people believe the SS7 flaw has never been fixed “because the location tracking and call bugging capacity has been widely exploited by intelligence services for espionage.” Congressman Ted Lieu (D-Calif.) participated in an experiment using an iPhone supplied by the segment team in order to evaluate the legitimacy of the SS7-flaw argument. Karsten Nohl of SRLabs and his team were able to intercept and record the congressman’s calls, read his texts, view his contacts, and track his location even if GPS location services were turned off. Nohl says this hack “is targeting the mobile network,” as opposed to the individual phone, meaning any security precautions taken by the owner are ineffective. He also says there is currently “no global policing of SS7,” meaning mobile networks are responsible for protecting their customers, which can prove challenging. | Web Link
20 Percent of Employees Would Sell Their Passwords
From “20 Percent of Employees Would Sell Their Passwords”
BetaNews (03/21/16) Barker, Ian
Research from identity management company SailPoint found that one in five employees would be willing to sell their work passwords to another organization, up from one in seven last year. Of those who would sell their passwords, 44 percent would do it for less than $1,000, and some for less than $100. SailPoint also found that two in five employees still have corporate account access after they leave their job, 26 percent uploaded sensitive information to cloud apps with the intent to share data outside the company, and 32 percent share their passwords with their co-workers. The data comes from a survey of 1,000 office workers at large organizations (with at least 1,000 employees) across the U.S., UK, Germany, France, the Netherlands, and Australia. The Market Pulse Survey proves there is a disconnect between employees’ growing concern over the security of their personal information and their negligence over data security practices in the workplace.
| Web Link
The Evolution of Social Media Monitoring in Corporate Security
From “The Evolution of Social Media Monitoring in Corporate Security”
Security Magazine (01/26/16) Klasson, Eric
Organizational social media monitoring has become a widespread practice across almost every industry in the US. These tools are used to increase productivity and to emphasize brand management, but they are also critical to organizational security. One of the most important tools to arrive in recent years is the advent of location-based social media. Now it is possible to limit searches to only the areas that interest you. Instead of looking through the entire social media landscape to identify threats to your company, you can now limit that search to areas such as the company headquarters. By adding the context of location, social media becomes a source of intelligence that corporate security groups can use to monitor facilities, assets, and locations of interest. Location-based social media tools can inherently solve the who, what, and where of an issue, but further advances have also allowed more discovery of the why. Using these tools can now reveal the sentiment or motivation behind certain social media posts, or why they contact who they choose to talk to. These tools can provide deep knowledge that can be as important to developing sound security as it can to developing new business plans. While social media monitoring is a relatively new concept, the benefits can be felt from the top of the company all the way to the bottom.
| Web Link