The days are long gone where the security threat surrounded our computer only. Modern problems have expanded to our personal devices. The broad classiﬁcation of these threats would fall into four categories:
- Application-based threats
- Web-based threats
- Physical threats
- Network-based threats
Application-based threats: Privacy, information security, and data security are inseparable, dependent on each other, as well as, complimentary.
Web-application threats occur when the application resembles an authentic application, but it is a disguise and has the ability to skim your precious information.
The prime examples include malware and spyware where your personal information is at stake.
Web-based threats: As subtle in nature, these web-based threats remain unnoticed because visitors visit malicious websites that are better from their front-end but in reality, they are skimming your information by downloading malicious content on your device.
Physical threats: This occurs when you lose your mobile phone or if it has been stolen. This is a strong case for hackers to loop into your personal information via your device (as they have direct access to the hardware where all your personal information is resting).
Network-based threats: This is where cybercriminals are actively looking to encrypt your data with the use of public Wi-Fi networks.
The advanced mobile threats comprises of:
- Phishing attacks;
- Data leakage;
- Unsecure Wi-Fi (particularly public Wi-Fi) connection;
- Sim Swap
Phishing attacks: A phishing attack is an online theft attack that gains your personal information such as username, password, and even your ﬁnancial information. Phishing education is mandatory to mitigate the risk of this threat to an acceptable level. It is incumbent to learn that phishing is different from conventional scams. The thwarting ways would differ depending on the level of fraud committed and who is the victim (corporation or individuals).
For corporations it would be:
- Design policies in place and the communication should be strong,
- There should be a control designed to ensure the legitimacy of an email and it should be communicated to loyal customers (as well as others),
- Scan the internet for likely phishing sites,
- Implement a quality anti-virus, anti-spam, and content ﬁltering at the gateway.
For individuals it is simple:
- Block malicious or fraudulent email promptly,
- Detect and delete malicious software immediately,
- Block the sensitive information delivery to third parties automatically,
- Apply skepticism wherever necessary.
Data Leakage: Data leakage occurs where there is a compromise in the (information) conﬁdentiality breach. This refers to an unauthorized leakage or possible data transmission within an organization to a third party. The lost data is either private, sensitive, or conﬁdential in nature. The data could be lost due to a system crash or even a deliberate deletion.
- Quarantine your outgoing information (which is private, sensitive, or either conﬁdential in nature) from your organization network.
- Archive suspicious ﬁles.
- Quarantine sensitive ﬁles to be copied into USB or smartphones.
- Block print jobs that contain private information.
- Discover conﬁdential information that is stored on databases, organizational laptops, and workstations.
Unsecured Public Wi-Fi: Public Wi-Fi networks offer potential privacy risks and invite security issues. People are tempted to pursue public WiFi which is controlled by a hacker. It invigorates the MITM attack.
- The network should be veriﬁed. Hackers are smart but users are smarter, it is better to play smart.
- Using a VPN (Virtual Private Network) which is the most secure surﬁng option on public networks.
- Use Antivirus and keep the Firewall Enabled.
Sim Swap: A fraudster beautifully impersonates you and manages to get victims Sim deactivated. There is a replacement activation without the knowledge of the victim (Marimuthu, V., 2019).
This is a surplus for hackers where they can reset victims’ online accounts. EFANI was designed to mitigate such happenings with a 100% money-back guarantee for 60days.
- Beware of phishing – as it penetrates sim swapping incidents. These sketchy emails and bogus logins can get the hacker the required information and these key data can spawn a sim swap occurrence.
- People should rely less on online space, they should reduce the personal information to be stored online. Social engineering is an initial sim swapping stage, where the hacker collects as much information as they want. Keep compromising information low-key such as your digits, date of birth, mailing address off your account.
- Protect your accounts or crypto space using Yubikey, frequently changing the PIN, multi-factor authentication. Please do not trust SMS-based 2FA.