Mobile phone security is still a blind spot for some CFOs, CEOs and investors. Business strategies to prevent cyber-attacks often focus on servers, computer systems and the cloud, yet it is smartphones and tablets that are the new end point. Below Peter Matthews, CEO at Metro Communications, discusses six simple ways CFOs can make the most of their own and their employees’ phones, without compromising on security.

Research from Gartner shows that 27% of corporate data traffic will bypass perimeter security by 2021 and flow directly from portable devices to the cloud.

These mobile gadgets may have increased productivity immeasurably, but their escalation has also increased the risk. There is much more valuable data held on mobile phones than most users would credit. Documents, chat messages, videos, voice calls, texts, address book, calendar and location are all data, all valuable, and - to the right criminal – all worth stealing.

The uncomfortable truth is that with 72% of large UK companies experiencing a cyber breach in 2017, all business leaders have to take action to increase their awareness, secure all of their communications and ensure they can quickly recover from any damaging action. The key question is how?

1. Don’t use open WiFi or consumer apps for sensitive business conversations: Whether your staff are working from home, the car, the office or a hotel room in Timbuktu, confidential communications should always take place over secure WiFi. Don’t be tempted by that open network in a local cafe, even if it’s more convenient. It is also worth remembering that consumer apps, such as WhatsApp, encrypt the content of conversations but don’t protect metadata which includes information about your location, the date and time of calls, recipients’ phone numbers and your contacts list. Apps certified by a third party, such as the National Cyber Security Centre, ensure that nobody outside of your organisation can access your metadata.
2. Increase intelligence and awareness: Don’t expect your chief information officer to take sole responsibility for maintaining secure communications. In the words of KPMG, ‘security is not just an IT issue’ - it must be built into behaviour and processes throughout the whole organisation. For example, knowing the provenance of apps, creating verification and authentication processes or encouraging staff to use ‘message burn’ facilities to destroy sensitive text messages after they’ve been read will help create a safe environment for valuable data. A culture of awareness, supported by a policy which includes a clear chain of accountability, may be the closest you can get to a human firewall.
3. Get expert help. Mobile phone hacking is not a cottage industry, it is a global activity. Consider building relationships with information security consultants who know the landscape inside out, have access to leading edge technology and can advise on prevention. Including relevant partners and suppliers in these discussions will help you apply minimum standards to ensure hackers can’t access your data via ‘weak links’, beyond your corporate walls.
4. Control personal devices: According to a UK government survey, companies that allow staff to use their personal phones for work are more likely to experience breaches because they often find it difficult to manage security and impose technical control on personal property. Mobile device management (MDM) platforms can barricade and secure business data and delete sensitive corporate information when a staff member leaves. A recent analysis of the top ten best MDMs by TechRadar is available online.
5. Set up disaster management procedures: If your organisation succumbs to a cyber-attack, using the very platform that has been compromised – for instance, your computer system - to report or manage the situation can make matters worse. In fact, the initial action might well have simply been ‘bait’ to help the hackers gain access to new passwords and security information, and prevent key messages from being delivered. A separate and secure communications channel, where messages and voice calls are kept private, will – in these circumstances - help you to safely repair the damage and carry out essential discussions with your senior team so that your business doesn’t grind to a halt.

The proliferation of mobile devices, wireless internet, insecure apps and the Internet of Things, aided and abetted by cheap hacking tools, means that any approach to cyber security should include an assessment of mobile security to keep pace with emerging threats. For CEOs and CFOs in the UK and beyond, doing nothing is not an option.

Electroneum, the first British cryptocurrency, has reported a successful first month of its mobile mining BETA trial, giving millions of smartphone users global access to mine cryptocurrency through their mobile devices.

Electroneum’s worldwide survey of over 44,000 participants saw 93% of users being young males, 64% labelled “crypto newbies” and 56% anticipating they will use the mobile mining experience all the time.

Designed to be the most user friendly and mainstream cryptocurrency in the world, Electroneum is the first company of its kind to offer mobile mining on the go, helping with the adoption of cryptocurrency into the mainstream market.

The mobile mining experience is a simulation of real computer mining, which allows users to obtain Electroneum coins whilst playing ‘games’ to increase the amount of coins they receive. The survey also found that a quarter (24.7%) of its users were located in North America, home to one of the largest bitcoin mining data centres, with Europe (21.9%) following closely behind.

Richard Ells, CEO and Founder of Electroneum said: “The past couple of years has seen a significant shift within the cryptocurrency market, with Bitcoin increasing its value at an exponential rate in 2017 alone. However, Bitcoin can be difficult to get hold of, trade in and spend so with the creation of our mobile mining BETA trial we know it will provide our users with the freedom, security and accessibility which you get from mining on a computer.

Electroneum’s mobile mining will be live in January 2018 after the success and response from its beta trial.

(Source: Electroneum)

Mobile shopping in the UK, France and Germany accounted for 28% of online Christmas orders in 2016, according to CJ Affiliates, with the UK bringing in an even bigger proportion at 44%. And these figures are set to grow even more in the lead-up to the 2017 festive period.

According to Keiron Dalton, mobile banking expert from Aspect Software, with the Golden Quarter set to see another boom in mobile payments and complex transactions, the opportunities for fraudsters to make their move on the shopping public is higher than ever. Keiron, head of Aspect’s global digital identity division, also argues that fraud that relies heavily on social engineering and bypassing weak security processes, such as SIM Swap, is seeing an upward trend in the UK and other regions, including Africa. According to Keiron, fraudsters not only take advantage of the upswing in mobile payments activity, but the sentiment surrounding the holiday for a lot of people.

Keiron explained: “SIM Swap fraud occurs when a criminal registers an existing phone number of a victim on a new SIM card by impersonating the victim to the mobile phone provider. Once activated, a criminal will receive all the calls and SMS notifications sent to the victim’s mobile number and can deactivate the original SIM card in the process. Once in control, criminals are able to bypass SMS-based one-time-passcodes, and steal large amounts of money quickly. This often happens before the victim is even aware they have been targeted.”

“We are working closely with the GSMA, as well as with a number of big banks and leading mobile network operators in the UK and in the rest of Europe to build a collaborative effort to fight new types of fraud like SIM Swap, but consumer awareness of the crimes has stayed relatively out of the headlines. If your phone or SIM card has been compromised, there are a number of tell-tale signs to look out for before it gets too far,” Keiron said.

1. Phishing messages and suspicious communications asking for information

SIM Swap fraud requires the hacker to have access to a victim’s bank details. These are often obtained through an email phishing attack, unsolicited communications asking for details, or by purchasing that information from online crime gangs. You should never respond to these types of communications or send your bank details on any platform that could be read by someone else. Your bank will never ask for this information so don’t be fooled by fraudsters imitating your bank. This leads to the initial opportunity to get account access or access to a duplicate SIM card; it also could provide criminals with the answers to personal security questions.

2. Extended loss of signal

Once SIM Swap fraud has occurred, it is not instantly noticeable to the victim. Extended loss of signal is the initial sign that SIM Swap fraud has taken place, as the control has been switched to a new device. Contact your mobile network provider to check if it is a widely known issue, or isolated to your device.

3. Floods of calls and messages

This is a tactic that runs parallel to the extended loss of signal. Criminals will send a flurry of nuisance calls and/or messages in an attempt to get victims to turn their phone off. If you’re suspicious, it’s vital that you don’t turn your phone off as this is used as a distraction to delay you noticing a loss of service when a SIM is swapped.

4. Opening links on your phone

Whether the link is sent to a victim via a phishing message or is on an unknown website, mobile phone users should be cautious when opening links on their device, and delete anything suspicious immediately. Hackers can use links that contain application packages that, if installed, will give the people behind the malware administrator rights to the victim's device.

5. Be aware of the source of any applications you download

Only download applications or make in-app purchases from approved sources or stores. To prevent suspicious applications from being installed, Android phone users can go to Settings/Security and turn the ‘Unknown Sources’ option off, which will stop the phone installing them from anywhere other than Google Play.

(Source: Aspect)

People unlock their phone and, increasingly, shop and pay with the touch of their finger. They don’t get locked out when they forget a password because it has been replaced with a simpler, more secure option – mobile biometrics.  Whether using a fingerprint, an iris scan or a “selfie” to confirm identity, banks see biometric technology as a way to provide greater convenience and security to customers as they use their accounts. But, it’s still early days in mobile biometrics, and a new report from Mastercard and the Department of Computer Science at the University of Oxford highlights a big barrier. Only 36% of relevant banking executives feel they have adequate experience to deliver.

To overcome this knowledge gap, ‘Mobile Biometrics in Financial Services: A Five Factor Framework’ explores this fast-evolving technology landscape and provides bank executives with guidelines to successfully bring mobile biometrics to life. Simply put, they need to focus on Performance, Usability, Interoperability, Security and Privacy.

Some of these factors are more visible to the consumer, having a real impact on user experience, while others operate behind the scenes. But, long-term success for a bank requires that they address all factors equally to protect against threats. The framework can help financial service companies avoid the trap of focusing only on the ones their customers see.

“Biometric authentication has a lot of potential, but it is important to address the objectives of each of the Five Factors when designing solutions. Working together with Mastercard enables us to solve for realistic threats to the industry with the best technical and scientific ideas. Users will need consistency, quality and assured security for this technology to thrive,” said Professor Ivan Martinovic, Department of Computer Science at the University of Oxford.

Ajay Bhalla, president, Global Enterprise Risk & Security, Mastercard, commented on the research initiative in a blog, saying: “Effective mobile biometrics melt into the broader experience of consumer-centric financial services, giving people the power to instantly access their financial information or make a payment. They’re driving the trend toward a password-free future where digital identity is all about who we are, not what we remember.”

Considering that global sales of smartphones are expected to reach $400 billion by next year, people everywhere will increasingly have access to the tool that makes mobile biometrics possible. Banks see that as an opportunity, and with initiatives like the collaboration with the University of Oxford and pioneering biometrics solutions like Mastercard Identity Check Mobile, Mastercard is a partner to deliver widespread and responsible adoption of mobile biometric solutions in financial services.

As Bhalla continued, “This framework is fundamental to accelerating the deployment of mobile biometrics for consumers and industry alike, but collaboration is key. We can only achieve this if industry, academia, governments and technology vendors understand and contribute to the evolution of the Five Factor Framework for mobile biometrics.”

“Mastercard and Oxford have done important work in exposing some of the root causes for the inconsistent adoption of mobile biometrics in financial services,” said Ravin Sanjith, Program Director: Intelligent Authentication, Opus Research. “We expect the Five Factor Framework to become an indispensable aide for industry professionals and decision makers to have better informed, strategic discussions that drive towards more efficient and successful high-scale implementations.”

Anthony Duffy, Director of Retail Banking, UK and Ireland at Fujitsu told Finance Monthly:

“The news that biometric authentication is now consumers” preferred choice for their financial services security is further evidence that biometric technologies are coming of age. Biometric solutions have been used overseas for many years, with Brazilian, Japanese and Turkish banks all using Fujitsu biometric solutions to support day-to-day banking transactions. However, it is only recently that British banks have started to deploy the technology on a significant scale. We are seeing a growing confidence in the security and effectiveness of biometric technologies, perhaps in part brought about by both Android and Apple mobile devices using finger/thumb print scanner technology as an unlocking option. After all, as the technology goes from new to familiar, there’s a natural acceptance and understanding, which breaks down previous barriers to entry.

“Financial institutions are keen to enhance their security measures further and to improve customer service. Biometric technologies, by being unique to the individual, help achieve both goals. Their use often reduces the use of passwords, or even eliminates them altogether, while often also providing an audit trail. When deployed to help identify customers, their use can speed up the identification and log-on process, by removing the need for security questions.

“The reliability, security and accuracy of biometrics make them ideal for banking. Add to that the widespread adoption of biometrics on mobile devices, and it’s clear the technology is set to flourish. Consequently, at Fujitsu, we believe that the use of biometrics in banking is something we will see much more of in coming years.”

(Source: University of Oxford)