Imagine you woke up to find your government had lost its grip on reality. That’s what I woke up to here in the UK once again this morning on finding the UK government has banned use of Apple Watches during Cabinet Meetings.
Even though they’ve already banned use of mobile phones.
Think about that
It means that the UK government has banned people from using Watches that aren’t connected to the Internet in the first place.
Why aren’t they connected? Because once the smartphone is removed from the equation, then the Watch is no longer online. That’s because the Watch doesn’t have its own individual connection to the Internet and relies on the connection the smartphone provides.
This means that no one can hack into the Watch once the phone is offline, which itself means all the UK government needs to do is switch its smartphones off. It’s a typical misstep. Though it does make sense to keep all the electronics offline during a critical meeting, I guess.
Other than creating yet another Apple-bashing headline, the event does help illustrate the challenge of maintaining security in the mobile age.
We know that hackers, crackers, criminals, governments all over the place are attempting to use these devices to get what they can: information, banking details, secrets, and more.
We know the US and UK do it. And UK.gov seems to think the Russians do it too. It’s logical to think every government is spying on everybody else, and it’s not just government. Juniper Research predicts cybercrime will cost around $2 trillion per year by 2019, and four in 10 companies have already suffered loss of key corporate data from a mobile device. On top of that, as of April 2016, one out of every 120 smartphones had some type of malware infection.
“Android smartphones were the most targeted mobile platform, accounting for 74 percent of all malware infections compared to Windows/PC systems (22 percent), and other platforms, including iOS devices (4 percent),” Nokia said in its Threat Intelligence Report.
That’s a huge problem, but banning use of a device that isn’t itself online will do nothing to mitigate the risk. It’s a pointless maneuver from an administration that evidently doesn’t have a clue.
Eager for improved UK governance, pending introduction of a better administration, here are a few ideas as to how government, enterprise, or anyone, can reduce their mobile security risk:
Education is a good place to start. It’s important to ensure ministers and other employees are sufficiently tech literate that they know how to spot and avoid phishing attacks. They must also understand not to click on links in unsolicited email, how to keep their devices fully up to date, and must be told to avoid using any device that isn’t in receipt of regular and timely security updates (you know who you are).
Housing for all
Housing is important, even for data. The UK government could, should and probably already has instituted effective, industry-standard Mobile Device Management tools; it should already have put data tracking solutions in place to track the path of sensitive data, enabling remote data deletion if information is stolen or a device is lost or mislaid. It must ensure data is protected across the whole journey, from the server it is housed on to each edge point.
Free trade benefits everybody
The UK government should be advising ministers not to install any software on their devices that does not come from a standard, trusted source; it should educate ministers to use different passwords for each service; it should enforce use of only trusted cloud services and avoid use of any public file-sharing or storage services. Government data should be held on a browser-accessed, biometrically authorized private cloud. What’s critical is to enable the benefits of cross-platform, multi-device openness while protecting trade across every platform and technology border.
Infrastructure investment is necessary
Maintaining investment in infrastructure is important. You see, many attacks come across networks, through buggy Wi-Fi access points, or even via inherently insecure connected devices such as HVAC systems.
“Enterprise security teams often don’t focus on the cellular radios in smartphones, which, if not secured, can allow someone to eavesdrop on your CEO’s calls,” said Joshua Franklin, NIST cybersecurity engineer. This is clearly the issue the UK has with Apple Watch, but it’s a non-issue if the iPhone is switched off, or left in a lead-lined room.
Real solutions, not populist prejudice
There’s a growing movement toward situational awareness and 24/7 monitoring in mobile security. This relies on deep data capture and analytics to recognize and quickly respond to any anomalies identified on the network or on its connected devices. While fast and responsive, the security protocols that are enforced within this are based on real-time threat intelligence, rather than populist prejudice or inflexible philosophies that make no real sense.
I very much hope this short list helps enable a better future UK government to understand why banning an Apple Watch will achieve nothing for data security.
Got a story? Drop me a line via Twitter or in comments below and let me know. I’d like it if you chose to follow me on Twitter so I can let you know when fresh items are published here first on Computerworld.