The presidency of Donald Trump kicked off with some controversy in the area of cybersecurity. The NSA modified the BlackBerry of his predecessor, Barack Obama (who ended up having to part with it for security reasons), the new leader of the United States seems to be less concerned about the vulnerabilities of mobile devices and continues to use an old Android.
According to various reports, the real estate tycoon has a Samsung Galaxy S3 from 2012. The lack of caution on the part of the newly-inaugurated head of state holds a valuable lesson for any top manager of a company. Although Trump’s smartphone may not be the gateway to all the secrets of an entire nation, using a phone without proper security can be fatal to your company.
The main problem derived from the use of an old Android is the lack of updates. Although Google usually reacts quickly whenever a vulnerability is found in its operating system, security patches only come quickly to a few devices, including the company’s own Nexus.
Meanwhile, other smartphones, and especially older models, have to wait months until the patch arrives (if at all).
For this reason, to use an outdated phone in the corporate environment is to be exposed to all types of cyber threats. Everything from a phishing campaign to the installation of malware that takes advantage of an uncorrected vulnerability of the device.
That’s why it is essential to have the right protection and also to make sure that both the phone and its applications have the latest versions of the software installed.
That a cybercriminal can access the outdated telephone of someone in charge, be it the owner of a company or the leader of a country, can have more serious consequences than simply having access to the device itself. Through an unprotected smartphone, attackers could sneak into the networks to which the mobile is connected and steal valuable corporate information.
There are also known vulnerabilities that track what the phone’s owner is typing, take control of the camera, or listen through the device’s microphone. In short, it is too great a risk for the privacy of company data.
Private email should stay at home
Another lesson we can glean from recent US policy is that under no circumstances should a personal email account be used for professional matters. Hillary Clinton already made that mistake, and now Trump’s high-ranking officials seem to be following in her footsteps.
Using personal mail to send corporate information is risky indeed. Unlike corporate mail servers, whose protection is in in the hands of the company’s security department, the services that are usually used to send emails in the domestic sphere are beyond the control of the company.
This does not mean that they are unsafe, but ensuring the absolute privacy of corporate communications is impossible if those responsible for cybersecurity cannot control which accounts are used and how they are configured.