A Secure Smartphone in Uncertain Times


Author: Tero Savolainen, Vice President, Secure Communications Business Development, Defense & Security, Bittium

Smartphones are currently one of the main channels for the potential leakage of sensitive data. This applies to both business and public administration bodies. The current geopolitical situation makes Europe vulnerable to cyber threats.

Threat levels for cyber attacks have risen globally, and there have been many attacks or attempted attacks carried out by groups associated with Russia. Potential targets are not limited to critical infrastructure or data centers; mobile devices are targets as well.

At Bittium, we realize that an unsecured smartphone in the hands of an unaware company employee or official can be an excellent tool for infiltrating the organization's resources or for disinformation activities (e.g. through hijacked accounts on social networking sites).

Dangerous Practices

Security is important because the spread of remote work during the coronavirus pandemic has given hackers new access channels. Only a few of those who perform their work duties from home use secure access channels such as VPN networks or supervision mechanisms such as MDM (Mobile Device Management). In general, the adoption of smartphones for professional use in recent years has been so fast that a serious gap has opened between the daily necessity of using smartphones and educating employees about mobile security threats.

It is a known practice, especially for low-level officials, to use private smartphones as an alternative to work devices. This can lead to trivial security breaches with serious implications.

Children often have access to such devices because parents do not know how to separate the workspace from the private space. In such cases, IT departments have no way to check whether such a smartphone meets the minimum conditions allowing it to be used in an environment where confidential data is processed.

Organizations also make purchasing mistakes when it comes to selecting mobile devices. They use convenient affiliate programs. A typical scenario is the purchase of a pool of smartphones from an operator as part of a business plan, where the priority is cost optimization and benefits for employees; often the possibility to choose a business phone model is treated as a bonus related to the position. In such a situation, security is of secondary importance, even though these are business devices that are often a channel of access to the organization's resources.

Response to Surveillance

One should also be aware of the existence of cyber threats, which at some level may even be destructive to the activities of companies or institutions. Data leakage can be a problem, but a ransomware attack can paralyze or even destroy data resources. Therefore, it is important not only to combat the effects of an attack, but most of all to avoid it.

Both business and public administration bodies now have the ability to effectively protect themselves also in the mobile area. The first step should be to recognize that smartphones must have the same status as company computers and that digital security programs implemented within the organization should also include these devices.

You should separate the private space from the workspace. This can be done by strictly ensuring that employees only use company smartphones for business purposes, preferably configured with MDM services. Education is also crucial here - even as part of remote work, training is possible, e.g. in the form of a webinar on digital threats.

Employees need to be aware of how even minor cybersecurity bugs can be a critical threat in a network-centric world. People who have access to sensitive data within the organization should only use certified devices that meet certain security standards. Popular models of smartphones dedicated to the consumer market can only be protected to a limited extent, and only at the software level, against surveillance or attempts to steal data. Hence, the safest solution is to go for solutions that are built with full security focus from the ground up.

At Bittium, we offer exactly such devices - smartphones from the Bittium Tough Mobile 2 product family - secured not only from the software side (e.g. hardened operating systems), but also by its hardware. The security of the Tough Mobile 2 is based on a dedicated security chip that allows the user's information to be secured in an unprecedented way by taking advantage of the tamper protection of the device. The device is able to monitor attack attempts in many different ways and prevent the theft of user data. For example, the device is able to detect circuit board level voltage and temperature attacks that attempt to drive microcircuits into a fault condition and thereby steal data. Server-side-protected VPN connections, proprietary application store, and well-defined Device Manager complement security and effectively prevent malware from entering the device.


Tero Savolainen, Vice President, Secure Communications Business Development, Defense & Security

Tero Savolainen (BSc) has 25 years of experience in the cyber security, telecom and software industries. He has led the development of Bittium's own product business for Tough Mobile devices and security-related software products. Tero has a deep technical and business understanding while at the same time maintaining an eye for customer needs. He has successfully worked on numerous product concepts and partner co-operations with proven results.