JOHANNESBURG - Africa is known, with good reason, as the mobile continent. Without widespread traditional landline infrastructure, people across Africa adopted mobile phones at a rate matched in few other places around the world.
Mobile phones are the sole means many Africans have for accessing the internet. In South Africa, for example, Effective Measure’s South Africa Mobile Report (2017) research shows that some 70% of internet users browse the internet with their mobile devices. Thanks to the rise of smartphones, they can also do more with their mobile devices than ever. With that enhanced capability, however, comes increased security risks.
Many companies on the continent have, for instance, started to deliver confidential documents to their customers via mobile devices. People opt to receive personal information in the form of payslips, invoices and statements via mobile, as it’s the easiest way to access that information. Unfortunately, awareness and knowledge of these risks isn’t what it should be.
The scale of the problem
Because of the proliferation of mobile users globally, security threats directed at mobiles specifically are becoming increasingly sophisticated. Hackers are targeting mobile payment systems as well as mobile browsers themselves.
Despite those obvious risks, only a small percentage of global smartphone users back up their mobile data. More than a quarter of American smartphone users meanwhile don’t protect their smartphones with a lock-screen.
We have no reason to believe that these numbers are any different in Africa. But even if they are, the fact of the matter is that this type of administration should be implemented by everyone, without fail.
What users can do
Apart from backing up your mobile data and using a lock-screen, what other security measures can you put in place? For starters, you should be very careful about what apps you download and use. If you are concerned about the legitimacy of an app, read the reviews and use Google to see if there is any online chatter from users. Keep your apps updated. Updates can fix vulnerabilities that will otherwise leave you exposed.
Don’t allow apps that store sensitive information to ‘store’ your password or automatically log you in. Rather opt to login manually each time, and once you have finished what you need to do, remember to logout. In fact, whenever possible use dual factor authentication (username & password plus a one-time PIN, for example), especially for your banking apps. Gmail, Facebook, Twitter and Instagram are commonly used apps that offer dual factor authentication to avoid unauthorised logins..
Major smartphone manufacturers now also allow for a remote ‘wipe’ of the data stored on a handset. Investigate this option. A remote wipe will remove any sensitive data if your phone is stolen or lost.
What companies can do
Of course, security is a two-way street and companies have a role to play in ensuring that the documents they’re sending are as safe as possible.
Companies that send documents to mobile devices need to take as many steps as necessary to protect the customer’s data. In South Africa, the Protection of Personal Information Act (POPI) will soon make that legally necessary.
It’s also important to remember that the sender has no control over the device that the information will be received on. So, to be safe, it’s better that the sender assumes the device is unsecured and takes the necessary steps to encrypt or encode access to the files.
Additionally, documents delivered by email should be encrypted and password protected. Basic PDF encryption is not sufficient, neither is using an easily identified password like an ID number. To really protect the personal data inside a document, it should encrypted AND password protected with a medium to strong password.
If confidential documents or data are made accessible via a proprietary application, the application must not automatically log the user in or store the login details. If it’s not possible to add a security layer into the app process, then each document needs to be protected.
Perhaps most importantly, the company should continually educate its customers on emerging risks and the appropriate mobile device and application security. In as many customer touch points as possible, reiterate the security principles that will protect their confidential information.
A shift in mindset
While both companies and users can implement these techniques, perhaps the most important thing is a change in mindset. It’s important that everyone realise that their mobile devices have similar capabilities to their desktop and laptop computers and that they’re equally, if not more, vulnerable to attack from cybercriminals.
Grant Shortridge is Executive Head - Striata Commercial Solutions at Striata, South Africa.
The views expressed in this article are not necessarily those of the Independent Group