Investigations
Security
Capacity Building
Insights
About
Digital Threat Digest Insights Careers Let's talk

Do your digital security measures evolve with technology?

Keith Buzzard CTO

Phone2

In a recent conversation with colleagues, we were celebrating (and lamenting) the technology available to us in 2023. And how different things were in the world of tech when we first got into the industry.

Things got nostalgic very quickly. Remember when we had a different RSA Token for every account? When was the last time you used a TomTom to navigate from one place to another? Remember when we had to actually call someone to order a pizza? Now we can do all that and more on our phones.

It prompted the question: Could you live without your phone?

I think we would all like to say that we could, but when you start thinking about how much we use our phones, and what for, it becomes clear that life without our little pocket computers can be frustrating at best, and impossible at worst.

For example, let’s buy a loaf of bread

This should be a task that requires no interaction with your phone, right? Let us count the ways…

  • Before you leave the house, you may want to make sure the shop is open, or that you have enough money in your account. You may want to set up your favourite podcast or playlist for the journey.
  • You might need to check bus times, or get your maps app ready (even if you know the way, you can check the traffic). You haven’t even put your shoes on yet.
  • Travelling to the shop isn’t tech free either. If you walk, you can track your steps through your smart watch or health app. You use your phone to ‘tap on’ and ‘tap off’ the bus. Some cars use your phone for key control. This last one is unlikely to be the case for pretty much all of us right now, but many people link their centre console computers to their phones for music, maps, hands free communication and more.
  • We’ve finally made it to the shop. In the big supermarkets, you can use Scan As You Go which needs your supermarket app to log in, or you can just use your app directly with the camera function.
  • Time to check out, which again, you can do with your phone.
  • Once home, you can log your spend in a budgeting app, or log the calories of the bread in a fitness app, make a meal plan, find a recipe, the list goes on.

But what does all this have to do with keeping your organisation cyber secure, I hear you ask? Most of us need our phones for work, for authentication apps, using collaboration tools, contacting clients, or communicating with colleagues.

Technology changes so fast, but do our security measures evolve as quickly?

Who knows you better, your family or the internet?

The evolution of the way we use our phones has been progressing so rapidly that, unless you’re in the business, most of us haven’t really noticed. But this naivety can be dangerous when it comes to protecting your data, and that of your organisation. Here are some examples of how cyber security has changed:

Social sign-in. Signing up for an account on a website using social media or Google login details can be quick and simple with no password to remember. But that simplicity comes at a ‘price’; you allow sharing of your data with third-party apps/websites, which may not have the same level of security as the main platform.

Biometric data is another part of everyday cyber security which we use through our phones. You often use a fingerprint or face scanner to gain access to certain apps (e.g., for banking), and even just unlocking your phone. It’s an incredibly useful tool in multifactor authentication.

The Internet of Things (IoT) means any device that is connected to a network—such as a Smart Speaker, smart watch, smart doorbell—can be controlled through apps and are often constantly monitoring audio data so that they can respond to their triggers (e.g., ‘Alexa…’ ‘Siri…’). The main risk when using IoTs is a lack of updates of their software. If a malicious actor is able to gain network access smart devices are often vulnerable targets – how often do you patch your smart lightbulb?

Multifactor Authentication (MFA) was primarily RSA Tokens. Now we get our security codes through our phones either via text, email, or even an app. The MFA codes on apps are often used to access our business devices, such as laptops.

Cloud networks and collaboration tools have swiftly become the default for many organisations as more of us work in hybrid or remote roles. These tools are an excellent way to work on documents with your colleagues and share data easily. The security risk comes from not owning the servers in which much of the data is stored, so ensuring your data is protected is not so simple.

It’s a fast-paced world, are you keeping up?

When it comes to protecting your data whilst still allowing staff to use the latest technology, you’ll need to make sure that processes and procedures related to technology are updated regularly. By ensuring that you have the correct procedures in place and that your team are fully aware of the risks, and what to do in case an attack is attempted, you can ensure that your data remains secure.

Our data protection specialists at PGI are experts in helping organisations prepare for the ever-evolving tech landscape, where we are increasingly dependent on personal devices as collaboration tools and for multifactor authentication in the workplace. Talk to us to see how we can help you.