The rapidly expanding digital world has made our lives more interconnected than ever.
We can control our home thermostats from afar, transfer money between bank accounts, monitor our weight loss goals, view pictures of our friends' vacations, unlock our doors, store all our personal and family photos, and perform many of the duties of our jobs — all from a computer that fits in our pocket.
And every day seems to bring a new app, software upgrade or device that promises to make the current conveniences we enjoy seem quaint and old-fashioned. There are more connected devices in operation than there are people on the planet, and we're keeping more personal information than ever on those devices.
A recent CompTIA survey found that 28 percent of consumers have banking or financial information on their mobile devices, 24 percent have passwords saved in a file or app on their smartphones or computers, and 14 percent have health insurance or medical information on their devices. Additionally, 77 percent have contact and other personal information on family, friends and co-workers — a situation that makes everyone in a person's address book vulnerable to potential hacking.
Clearly, we all have more to do if we are to implement workable device security policies and measures that can protect our data and our virtual lives. Though malware targeting mobile technologies is still a relatively small segment of the overall cyberattacks worldwide, it has been on a startlingly fast upward trajectory in recent years. McAfee Labs found that mobile malware incidents jumped from less than 4 million in the first quarter of 2015 to more than 16 million at the same point in 2017.
It's not just individuals who are at risk. Twenty percent of businesses report having been breached via employee mobile devices, and 24 percent are not sure if they have been attacked via mobile devices, according to a survey by Dimension Research in April.
But bad actors don't need to physically possess a device to hack it — they exploit users through phishing attacks, rogue Wi-Fi networks, malicious apps, or hidden vulnerabilities in the operating systems of our devices.
Of course, device makers have substantially improved security features over the years. For example, in July Apple unveiled an update to its device operating system that helps protect iPhones and iPads from hackers who attempt to use Wi-Fi to penetrate devices. Policymakers have also begun to focus on this issue, with the Department of Homeland Security announcing last month $8.6 million in research and development grants to improve mobile device security throughout the government.
Still, we must endeavor to stay one step ahead of hackers to ensure that the trend of mobile device hacks does not become a threat to our livelihoods and our economy. Smart public policy should be guided by industry best practices, and it should emphasize investments in education for both cybersecurity workers as well as consumers.
With that in mind, there are three things we can do to make sure devices remain secure and sensitive data is protected:
First, policymakers should facilitate industry-led initiatives that promote device security, while resisting one-size-fits-all mandates that inhibit innovation or force device makers to divulge proprietary information that could be exploited by bad actors.
For example, the National Telecommunications and Information Administration has already begun an initiative that draws on government and private sector input for how to improve security for “Internet of Things,” or IoT, devices. And the Federal Trade Commission has issued guidance that has heralded the crucial notion of “secure by design.” Both those initiatives are driven by industry expertise and best practices, and they should serve as a model for initiatives that are the most likely to bring greater security, without sacrificing innovation.
Second, government and industry should double down on efforts to sponsor education and training programs to recruit cybersecurity workers. A modernized, well-trained workforce will be the key to addressing the challenges that emerge when rapid technology innovation and malicious actors coexist.
Finally, individuals should take advantage of the opportunities that exist to learn good cyber hygiene practices as well as being aware of the ways their personal information can be targeted and how their actions could impact themselves, their loved ones, and their employers. Simple things like limiting what you do on public WiFi, keeping your mobile software and apps up to date, and deleting unused apps can go a long way to creating device security, per the National Cyber Security Alliance.
This is a challenge we should all be invested in tackling. It is only through vigilance, prevention and preparation that we will preserve and protect the innovations that have made our lives easier to lead.