Mobile Security - Erevio Notes

> [!abstract] In short: Mobile security protects mobile devices, the data they hold, and the networks they connect to. Phones are the gateway to both our personal and work lives, which makes them a juicy target for attackers. ## What it covers Mobile security focuses on protecting mobile devices, the data they store, and the networks they connect to from a wide range of threats. Those threats include hackers trying to steal **PII (personally identifiable information)**, malicious apps trying to corrupt the device, and unsecured networks exposing your data. Phones store and transmit a lot of sensitive information: personal data like contacts and messages, financial information and credit cards, corporate data, and more. They are the gateway to our personal and work life, and that makes them a prime target for cybercriminals. ## Device protection Protecting a device works in layers, each one covering specific vulnerabilities. > [!info] Device security: Passcodes, biometric authentication and remote wipe capabilities to delete data if the device is stolen. > [!info] Data security: Encryption of data, secure backups, and data loss prevention strategies so sensitive information isn't shared or leaked. > [!info] Network security: VPNs and private tunnels to shield data, plus secure communication protocols. > [!info] Application security: App vetting (carefully choosing what you install), permission management (not granting apps excessive access) and secure development practices so apps are built with security in mind. ## Common attack vectors Two worth calling out are **phishing** and **smishing** (phishing over SMS). Mobile devices are where most people first read links and messages, which makes them a prime entry point for social engineering. > [!warning] Keep everything updated: Many attacks rely on known vulnerabilities that have already been patched. Keeping the OS and apps updated closes those doors before anyone uses them. ## Who is responsible Like [[Physical Security]], this is a collaborative effort. 1. **IT departments** implement and manage security solutions like secure networks and device encryption. 2. **Chief Information Security Officers (CISOs)** develop security strategies, assess the risks of mobile device usage, and ensure compliance with legal and regulatory requirements. 3. **Security teams** test and assess security measures, running penetration tests to find vulnerabilities and address them. 4. **IT security managers** control day-to-day operations, ensure policies are followed and tools are working, and adapt measures to new threats. > [!tip] A mobile device is like a grenade with the safety pin in your pocket. Harmless when well maintained, but dangerous if you're careless. A small slip can lead to big damage.