Updated 10/5/2020
More than 80% of Americans own a smartphone, and we’re guessing that you’re one of them. Do you ever feel anxious or disoriented when you’re apart from your phone for more than an hour? You’re not alone.
Collectively, we have become almost entirely dependent on our smartphones–often viewing these devices as extensions of ourselves. Over the past ten years or so, we have turned to frequently deferring to convenience when entrusting sensitive and personal information to our technological companions. However, this reliance on our smartphones has one glaring issue – we are likely exposing ourselves to a single point of failure.
What’s A Single Point of Failure?
CompTIA Study Guide author and cybersecurity practitioner, Darril Gibson, defines a single point of failure (SPOF) as “a component within a system that can cause the entire system to fail if the component fails.” Imagine a situation in which your phone has been taken from your possession or has been suddenly damaged beyond repair.
Would you be able to continue with your day without skipping a beat or would your routine unhinge with no backup plan in place? If your answer is closer to the latter, then there are a few cybersecurity measures you should consider and practice. In this blog, we’ll discuss how to manage the SPOF risk through periodic backups (cloud and physical), password protection, and mobile device management.
Backups
While the majority Americans own a smartphone, only 6% of people backup their data on a regular basis. The biggest convenience of a smartphone is that all resources and information are accessible from a single place, but if you have experience working with computers you know that systems crash, networks fail, and inevitably, you will lose data.
Ask yourself, “Besides my phone, where do I store all of my photos, audio files and recordings, notes, documents, and contacts?” If you already perform frequent backups to the cloud – kudos to you. If you don’t – start today.
Your smartphone’s operating system contains the capacity to automatically backup your critical data, such as photos, contacts, email addresses, and installed applications. While configuring these automatic backups may be easy, you need to confirm your backup program or strategies actually work. Too often people don’t test their backup and realize it was not properly porting over the data. Usually, by this time, it’s too late to recover the data. The lesson is that you should trust your backup scheme, but verify it actually works with periodic audits. We suggest deleting a few sample text files and figuring out what steps need to be taken in order to restore them. It’s better to verify your strategies now, instead of hoping you can recover your data from a lost, stolen, or damaged phone.
In addition to cloud backups, you can create physical backups that will port over files or specific information that you choose. For example, copying your photos, videos, or audio files from your smartphone to your computer’s hard drive via a USB cable, is particularly useful. Sure, it’s a bit old-fashioned. However, if these files are important to you, then you’re not going to regret spending a few minutes backing them up.
Defense in Depth
Surprisingly, over half of reported smart phone owners don’t use password protection. It’s important to know that in the eye of cybersecurity not all authentication mechanisms are created equal. Each add their own unique layer of protection. For instance, biometric authentication, such as facial recognition, voice recognition, and fingerprint scanners are some of the strongest methods because they are the most difficult for attackers to circumvent. Unfortunately, biometric authentication isn’t hack-proof. Though unlikely, it is possible to bypass this method of authentication. To counteract this, after a few attempts Apple and Android devices disable all forms of biometric authentication and require a separate form of authentication for re-entry.
Another countermeasure for mobile device users is to encrypt your expandable storage–most likely in the form of a micro SD card. Encrypting your storage adds an additional layer of protection that cannot be cracked without the associated key. Fortunately, newer mobile devices offer SD card encryption as an easy option within the settings menu.
One of the most important information security concepts is defense in depth. This concept applies to everyone, from single users to major corporations. Defense in depth is the implementation of multiple layers of security to prevent any SPOF (Single Point of Failure). Users can employ this concept through authentication mechanisms, encryption, and application controls in order to better secure their device(s).
Mobile Device Management
Understanding mobile device management is more important if you have a company-issued smartphone. Do you have a plan to secure your smartphone’s stored data if the phone was lost or stolen? Better yet, is your company using mobile device management (MDM) tools to protect proprietary information from unauthorized access? For example, a full device encryption tool can secure the data on your mobile device so only authorized users have access. Full device encryption provides device security, application security, and data security.
In addition to full device encryption, you should also activate the remote wiping feature on your mobile device. This is exactly what it sounds like – administrators can send a remote signal to the device to clear all data. This is the ideal remediation technique for mobile devices that cannot be physically recovered.
Want To Learn More?
Our smartphones are fully integrated into our daily lives. We depend on them for everything. Yes, they are the center of our productivity, but they don’t have to be the single point of failure. Take the time to perform backups, implement defense in depth, and make time to understand mobile device management. So, when the day comes that you are faced with the challenge of operating without your precious pocket computer, your only loss will be the physical hardware of the phone itself.
Want to become an expert on SPOF, MDM or even risk management? We’re here to help! There is no better time to earn your your cyber cert. Whether you want to prep for your CISSP, Security+ , CEH, or CISM certification, we’re got your covered. Check out our latest promotions or enterprise solutions. We look forward to seeing you in class. Now go back up your phone!