In the age of digital technology, your data is more vulnerable to theft than ever.
According to 2022 Statista data, cybercrime costs us $8.44 trillion and is expected to explode to $23.84 trillion by 2027. Recently, governments have been cracking down on using particular apps, like TikTok, on work devices, leading to growing concern about data privacy.
Since the Russia-Ukraine war began, Google noted more than a 300% increase in Russian phishing campaigns directed against users in NATO countries in 2022 compared to 2020.
A 2022 Forbes article states the government/military faces the second-highest number of average weekly cyberattacks, 1,136, up 47% from 2021. While the UK government recently said Russian hackers seek to “disrupt or destroy” Britain’s critical infrastructure.
As cyberattacks become more sophisticated and widespread, especially during a climate of unrest, it may become more difficult to detect if you are being targeted until it’s too late.
Device Security Features Considered By The Military
Experts at rugged computing solutions provider Getac reveal the important security features the military considers to help protect devices safe from hackers and international threats.
Use Multi-Factor Authentication
Multi-factor authentication (MFA) is widely adopted, even for everyday use like email, and is becoming compulsory for government employees. It involves multiple steps to log in, such as a password, face ID, or fingerprint.
MFA strengthens your device security because if a hacker obtains your password, they must bypass a second step, which can prevent them from accessing your account.
Remove Data from Unused Devices
If you own a Windows device, you’ll have the Trusted Platform Module (TPM) feature. It is a piece of hardware used for data storage and encryption. The trend amongst military-grade devices is toward toolless removal/installation of data.
This strengthens device security as data will only be present when used, facilitating quick data transfer between two devices. It prevents abandoned/old devices from being used by hackers as the data has been removed. So when you get rid of your old phone, wipe all the data before moving on, as hackers can still target it.
Don’t Forget Physical Security
Many laptops and computers have Kensington lock slots. Think of it like a bike lock but for your laptop or computer. They are an ideal feature for military use, making it much harder for thieves to steal your device. Other must-have features are a removable microphone and webcam; if the webcam is built-in, it needs a privacy shutter.
If your mic can’t be removed, taping won’t do anything. Instead, consider buying a microphone blocker. You can also manage which apps have permission to access your microphone and deny access as necessary.
Built-in Anti-Theft Technology
Some devices will have anti-theft tech already built-in. Typically, you install the application that provides device and location data to the tech provider. If your device is lost or stolen, they can lock down your computer so it can’t be accessed. The provider can then determine the location and safely delete your data.
Organizational Device Security
You may need to go further to strengthen the security of work devices. Consider using data encryption and compliance with Federal Information Processing Standards (FIPS).
Encrypt Readable Data
Sensitive data contained on a computer, server, or readable media such as physical discs or USB drives, confidential information can be easily transmitted or stolen.
Some devices and software applications encrypt data on your device, giving you more protection in case of modification, loss, or theft. Organizations will often use a combination of encryption and password protection to protect data.
Comply with Federal Information Processing Standards
Business owners and managers should consider adopting federal compliance methods. The US government operates IT systems according to the Federal Information Processing Standards (FIPS) outlined by the National Institute of Standards and Technology (NIST).
Organizations can strengthen security by adopting the same compliance methods outlined below.
Compliance With FIPS:
- Access Control: Only allow an authorized user access to IT systems.
- Awareness and Training: Organizations should ensure members are aware of security risks associated with using technology and that all are trained to perform responsibilities safely
- Audit and Accountability: Create, protect, and maintain information systems to monitor, investigate and report unauthorized or inappropriate activity sufficiently. Ensure that individual users’ actions can be traced to be held accountable.
- Certificate, Accreditation, and Security Assessments: Regularly assess systems to determine if security controls are effective. Plan and implement corrections to deficient or vulnerable areas of the system.
- Configuration Management: Ensure you can track and control changes to all IT systems across the organization using a standardized process, ensuring that changes can’t be made without justification.
- Contingency Planning: Plan for emergency responses, backing up data, and recovery after worst-case scenarios occur to ensure continuity during emergencies.
- Identification and Authentication: Identify system users, processes acting on behalf of users or devices and authenticate their identities before granting system access.
- Incident Response: Establish a robust system for monitoring and reporting incidents to the correct individuals in an organization.
- Maintenance: Perform regular maintenance on IT systems and grant effective controls to authorized users who conduct system maintenance.
- Media Protection: Protect digital and hardcopy information. Limit access to authorized users, and ensure media sanitization or destruction before disposing of the device.
- Physical and Environmental Protection: Limit physical access to authorized individuals, protect IT hardware from environmental hazards, and make sure IT systems are kept in a contained, secure environment.
- Planning: Develop and update security plans for IT systems, documenting any changes and rules of use.
- Personnel Security: Responsible individuals should be trustworthy and meet the established security criteria. Ensure information and systems are protected when personnel is transferred or terminated—sanction personnel who fail to comply with procedures.
- Risk Assessment: Regularly assess organizational operations, assets, and personnel risk from using IT systems and information.
- System and Services Acquisition: Provide enough resources to protect IT systems and set out processes that consider IT security. Restrict software usage and installation on organizational devices. Ensure third-party providers sufficiently protect any information, applications, and services contracted from the organization.
- System and Communications Protection: Monitor, protect and control communications, and employ tactics to promote information security within the organization.
- System and Information Integrity: Maintain system flaws with regular monitoring and correction. Protect IT systems from malware. Monitor security alerts and act accordingly.
A spokesperson for Getac commented: “Data protection is becoming a growing concern among consumers and organizations. While everyday users might not need to be as strict as the military, the tips outlined are practical ways to help lower the risk of physical and digital threats to your phone, laptop, or computer and enhance your information’s security.”
Getac is a rugged computer solutions provider and has worked with the US Air Force, Dutch Army, and Red Cross Military Corps to help update military technology and fight better in the digital age.