When communicating, be it voice or data communication, you should be aware of the risks associated with third parties gaining access to or modifying your information. Therefore, people handling sensitive or even classified data need to use some type of security solution in order to avoid information leaks.
A person who needs to communicate classified information should use products that are approved by a country’s security authority. The information can be classified into different levels depending on the degree of damage that the information might cause if it falls into the wrong hands: Top Secret, Secret, Confidential and Restricted. Different security solutions are approved for different levels. “Below” the Restricted level is unclassified yet highly sensitive information, for example, company confidential, patient and social secrecy.
Some threats can be removed by changing communication behavior. Others can only be eliminated by using security solutions, such as encrypted products and advanced security solutions. This page is intended to familiarize you as a reader with some of the threats and some of the ways to avoid them.
Threats to voice communication
The most common threats to a voice call are different types of eavesdropping in the network. Calls may be transmitted unencrypted through the operator’s network, allowing anyone with or without authorized access to the network to eavesdrop on a conversation.
For mobile phones there are additional risks, such as the call being connected to a false base station. This type of local eavesdropping makes it possible to intercept and record a call and to manipulate text messages. Another risk is spoofing, where a hacker can easily forge an identity, pretending to be someone in your phonebook.
In addition to this, owners of smartphones may be exposed to trojans and other malware that could be embedded in downloads for the phone. Nowadays an increasing amount of data that was previously stored on computers is moving over to smartphones. The smartphone is an important tool and contains addresses, e-mail, text messages and notes from meetings. It also stores information about the user’s whereabouts, Internet searches and passwords for social networks. A lost or stolen smartphone could present a major security risk.
The development of smartphones and their numerous functions provides many opportunities for flexibility and working on the run. Unfortunately, this also poses considerable challenges in terms of security for organizations with employees who own such devices.
Tips for secure usage of mobile phones
- Never leave you mobile phone unattended and never lend it to someone you do not know.
- Password-protect your mobile phone.
- Ensure that the system software is updated to the most recent version.
- Turn off functions that enable others to connect to your mobile phone, such as Bluetooth.
- Do not connect to unknown wireless networks.
- Do not open MMSs or e-mails from unknown senders.
- Do not open unknown links or attachments and do not approve unexpected installations.
- Download applications only from known sources.
- Turn off your mobile phone if you do not want someone to be able to pinpoint your location.
- Connect or synchronize only cellular devices that are approved by your company to Internal networks and computers.
Threats to network communication
Today, organizations are increasingly using external server farms for storing data. If the data that is transferred between users and server farms is sensitive, or even classified, it needs to be protected with a security solution. If it is not protected, there is the risk of the information leaking somewhere in the network located outside the firewall. There is also the risk that someone with malicious intentions, with or without authorized access to the network, could add false data or modify the data being sent in the network.
Geographic distribution of an operation is both natural and desirable in many companies and organizations, but we still expect network communication between two or more buildings or offices, or between several floors of buildings, to work transparently without delays. This demands a high-speed security solution capable of encrypting and decrypting large amounts of data.