Cell phone theft can compromise corporate data; How do you protect yourself?

This text was written by a TecMundo columnist.

In recent years, the cyber attack surface of enterprises has grown exponentially. There are various devices that need to be protected, such as laptops, IoT, sensors, servers, cloud connections, payment machines, and other equipment with access to the internet and corporate networks. However, the mobile phone is without a doubt the most connected device, the most exposed due to its mobility, and the device that carries the largest amount of sensitive data.

According to Anatel (National Telecommunications Agency), about one million cell phone blocking requests were made in Brazil in 2022 alone due to theft or loss of devices. Considering that each of these mobile phones carries the personal and professional digital life of the user, this data is alarming.

Losing your cell phone for any reason is a nightmare. In it we concentrate applications from banks, social networks, family and friend connections, documents such as RG, Voter Title, Vaccination Card and others. Also, if the device is connected to the corporate network, the risk rises to another level.

According to a Forrester Consulting study commissioned by Tenable, respondents admitted to using a personal device to access customer data (55%), including financial records (38%). In contrast, 64% of security leaders say employees are unaware of current measures to protect their home networks and personal devices. And most leaders (59%) do not visualize their employee safety practices.

On the other hand, the criminal tries every possible way to gain an advantage over the victim. In the case of personal device, it seeks access to impersonate the person and commit fraud or bank transactions. In the case of a corporate device that may contain emails, documents, access keys, messages, business-specific applications, among other information, the attacker can promote fraud, invasions, data leakage, among others.

For this reason, it is vital that companies warn their employees about the risks that may arise in case of loss of their mobile phone and that the temporary blocking of access by informing the manager is a priority.

On the other hand, the need for exposure management and awareness of the business attack surface is clear, using methods, tools, and concepts such as ASM (English acronym for attack surface management).

It is important to conduct an inventory and promote monitoring of the IT environment by integrating people, processes, technologies and infrastructure. It is about implementing continuous management of all company assets, both internal and external, regardless of device and location from which they are accessed. There are many measures: you need to have asset visibility, support disclosure management, implement security policies, patches and fixes, and also implement tools that work by behavior and within the concept of Zero Trust.

Planning incident response is easier when we know what to protect. The truth is that we can get lost in our pockets, stolen, misplaced, etc. We have an open portal connected to the Internet. It’s up to us to find ways to prevent strangers from spying on or invading our digital lives.

Arthur Capella is the managing director of Tenable in Brazil.