The Growing Threat of Phone Hacking and Mobile Interception. Who's listening?
Mobile phones are a hotspot for hackers to intercept important information about your work and personal life. For more than 70% of US adults, smartphones are the preferred device for accessing the Internet (Gallup, 2014); and with the rise of BYOD (Bring Your own Device) in the workplace, company information is routinely communicated on smartphones. With the huge number of communication options on a smartphone the attack surface for hacking and for the interception of strategic information is large and growing.
Much of the world first became aware of the reality of information interception a few years ago with the Edward Snowden revelations on the extent of US government eavesdropping; and the News of the World phone hacking scandal in the UK where it was found that members of News Group International routinely hacked into people's private conversations. Since then, reports of phone hacking and communications interception are increasingly more frequent last week, among other hacking news, the Mirror Group settled 21 claims of phone hacking. According to insurance giant Lloyd's, companies are losing as much as $400 billion to hackers every year, with smartphone being a key target.
What's fueling increased mobile communications intercept is technology. The means to hack a phone, and to intercept information, is readily available to anyone. IMSI catchers, devices for intercepting and eavesdropping on mobile phones are portable, affordable and available for anyone to purchase on eBay, Alibaba and many other websites. Just search for "buy an IMSI catcher".
The legal industry has been one of the hardest hit. Legal strategy and client-attorney privileged information must be kept private. Earlier this year, 48 international law firms were targeted for attack. One of the firms that was attacked, Cravath, Swaine & Moore, underscored the importance of privacy in their business with a simple statement: "Client confidentiality is sacrosanct."
How do you protect yourself, your business, your clients?
Free mobile messaging apps Viber and Whatsapp made fanfare earlier this year when they began encrypting messages that were sent and received on their platforms. For consumers this is a good thing for protecting personal information, but businesses like legal firms, whose reputations are built on confidentiality, an app like this is not enough. Enterprises want control over who uses the encrypted network as well as which metadata is saved and which is wiped. They need a solution purpose built for business for these reasons:
- Control and Visibility. An enterprise needs tight centralized control of users, the ability to provision or de-provision users instantly, and reporting capabilities. Only authorized users can communicate on the secure encrypted network, greatly reducing the risk that it will be used for bad intentions. And contacts are closed, restricted to authorized users in the app; no communication can be made with the device's contacts.
- Accountability and Compliance. An enterprise solution gives full control of which data is stored and which data is wiped, an important feature that is non-existent in free messaging apps. This is critical for communications compliance in regulated industries like healthcare and finance; and for law enforcement and security services where communications must be secure, but also saved for accountability purposes.
- Deployment Flexibility. Enterprises want the flexibility to deploy their solution as a hosted service or installed in their own infrastructure as business requirements dictate.
- Enterprise Features.Secure conference calling and group chat, secure transfer and storage of images, better call quality and LDAP integration enable secure collaboration across the enterprise, not just one-to-one communications.
An enterprise-grade system, such as ours at SaltDNA, gives full control of the secure mobile communications system to the enterprise. That's why SaltDNA can be deployed and protect privacy where general consumer apps cannot.