Master Mobile Security: Tips from Forbes and the NSA


Join our Chief Information Security Officer, Earl Duby, as he discusses a recent Forbes article on new mobile phone vulnerabilities and reviews a vital document from the National Security Agency.

The 2020 NSA guide outlines essential controls to protect mobile devices against various cyber threats. Earl breaks down these recommendations, offering straightforward, actionable advice to enhance your mobile security. Learn why regular updates and downloading apps from official stores are crucial for safety.

This video provides essential tips and a thorough analysis of the NSA’s best practices for mobile devices. Whether you’re tech-savvy or seeking to secure your digital presence, this content is rich with valuable insights.

The video covers rising threats to cloud infrastructures, evolving election security concerns, and practical strategies for network defense. Stay ahead of cyber threats by understanding these pivotal developments.

Transcript: 

(0:05) All right, welcome to this episode of Golden Nuggets.
(0:08) What I want to talk about today was an article that came out recently in Forbes magazine, came out on June 1st. And in the article, they talk about how to secure mobile phones. And the reason they brought this up is apparently there’s a new type of mobile phone attack that’s happening.
(0:31) And if you read the article, it goes into some detail about how this is affecting VPNs on mobile phones.
(0:34) But what caught my eye as I was reading this article was a link that they had in here to a document that the National Security Agency released about four years ago in 2020.
(0:46) Granted, it’s a bit aged, but it’s a really good representation of different controls that you can do on your mobile phone, along with the different types of attacks that these controls would help mitigate.
(0:59) And if you look at the chart, across the top, you have all of these different controls. And then along the left side are these different types of attacks.
(1:09) And what I think is interesting is the way that they laid this out.
(1:13) To the far left, you have the controls that have the most impact because they affect the most types of attacks.
(1:21) And then as it goes to the right, these things get less and less effective in terms of the attacks that they have listed.
But, you know, as you kind of look at these different mitigation methods, you know, you have things that are very common sense.
(1:40) You know, I think everyone should be doing these things. So you have like update your software and your apps. So if you have a phone, you should just turn automatic updates on and you should just update your software, you know, your operating system, put your apps on auto update.
(1:57) So all of these things should be updating, you know, at night when it’s on the charger and keeping your phone as fresh and updated as possible, because honestly, that is your best way of reducing the vulnerabilities and, you know, different ways that these adversaries get into your phone.
(2:17) And then you go to the next one, which is install apps from official stores.
(2:22) Now, to me, this also should be a no brainer.
(2:25) You know, download the official apps.
(2:29) You know, if you jailbreak your phone and then you go to some sketchy website and start downloading applications from there, chances are you’re downloading malware right into your phone and you don’t even realize it.
(2:40) So the best way to stay safe is to only install apps from the App Store or Google Play or the different, you know, the official repositories for those apps.
(2:53) Because the other thing that happens there is each one of those stores, you know, whether it’s Google or Apple, they’re vetting those apps before they even get into the store.
(3:03) So they’re already checking it for malware.
(3:05) They’re checking it for interoperability and things like that.
(3:09) So it saves you a ton of hassle if you just get the good stuff and don’t jailbreak your phone.
(3:17) Now, this next one, you know, this is where the NSA started to lose me, because first of all, I’m sitting here going like, why is the NSA trying to tell us how to keep our phones secure and protect our privacy?
(3:30) Because it’s kind of like counterintuitive to what the NSA is doing.
(3:34) But then, you know, you kind of look at this from the NSA perspective.
(3:38) This is probably the guidance that they give to their agents and the people that are working for them in terms of, hey, here’s how you protect government secrets.
(3:49) So, you know, you take it with that grain of salt, because you look at this next one, it says turn off cellular Wi-Fi and Bluetooth.
(3:57) So while I agree that, you know, you should be turning off Bluetooth and Wi-Fi if you don’t need those things.
(4:05) Like, how do you have a phone and you turn off cellular?
(4:07) It’s kind of kind of crazy. It’s very hard to do that.
(4:11) Now, I would say, you know, if you’re putting your phone next to your bed when you go to bed at night, yeah, maybe turn these things off.
(4:19) Just so that your alarm clock works or whatever.
(4:24) And then, you know, as you slowly work across, you have do not connect to public networks.
(4:29) Always good advice.
(4:30) You know, even if you’re in a, you know, a coffee shop or whatever, you know, try to, you know, look at the different networks that are being offered and be very sure about which one you’re connecting to.
(4:46) Because a lot of times the adversary or just, you know, people that are out to cause mischief will create a public Wi-Fi network that is like one digit off or one character off from the Starbucks network or the Bigby network or whatever.
(5:01) And you connect to that one and then all of a sudden they have access to your phone.
(5:06) So just if you are going to connect to a public network, make sure you’re connecting to the actual network you think you’re connecting to.
(5:15) You can go across here and there’s different things that I think are useful or not useful, but, you know, one that I do want to talk to is, you know, getting further over to the left where you have like a lock device with a PIN, you know, even though it shows that it only has one mitigating control, and even that only sometimes prevents, I think it’s a far more valuable control than what the NSA is giving it credit for.
(5:42) Is locking that device with a PIN, because I’ve known countless people that have left their phones in the taxi cab or in the Uber or laying around at the restaurant or whatever.
(5:57) If that phone doesn’t have a PIN on it, you know, someone can just pick your phone up and start looking at your pictures and figure out where you went on vacation last week.
(6:05) So I think that one should be just as critical as some of these other ones further to the left.
(6:12) And then, you know, just, I think just take a look at this chart, download it, follow the link to the app or to the article or post it in the blog here.
(6:27) And then just download this thing.
(6:29) It comes with the front page of this.
(6:32) This is a two-page document.
(6:33) The front page has a nice diagram of how these controls, how you get to them on your phone.
(6:40) So it’s helpful in that way too.
(6:42) So take the time, download this two-page chart from the NSA and protect your phone a little bit better.
(6:50) And then one thing that’s not in this chart, but I think is a good piece of advice, and you’ll get it if you actually read the Forbes article, is this idea that, you know, when you turn your phone in, like you’re trading in your phone for a new phone or you’re giving it away or you’re going to dispose of it somehow, always do a factory reset on your phone so that you wipe all of your data off of that phone before you give it away.
(7:17) I think that’s pretty important.
(7:20) All right.
(7:20) And that, I think, is some really good advice on how to protect your smartphone while you’re using it, when you go to dispose of it.
(7:29) So I think, you know, read the article, good stuff in there.
(7:33) And that wraps it up.
(7:34) And thank you for tuning in to this Golden Nugget and stay tuned for future Golden Nuggets in the future.
(7:41) And thanks for joining.
(7:43) Bye.