News

Industries

Companies

Jobs

Events

People

Video

Audio

Galleries

My Biz

Submit content

My Account

Advertise with us

Subscribe & Follow

Advertise your job vacancies
    Search jobs

    Explosion of mobile usage in Africa comes with security risks

    Limited access to landlines on the African continent has resulted in low figures for internet penetration: 28% penetration in Africa vs 89% in North America, for instance, as highlighted by Internet World Stats in June 2016. But, this imbalance is fast changing with the explosion of mobile device penetration on the continent.
    Image by 123RF
    Image by 123RF

    According to a Pew Research Centre survey done in 2015, in some countries on the continent “cell phones are as common… as they are in the United States”.

    And, as smartphones get smarter, services to mobile users become increasingly sophisticated.  It’s now far more common, for instance, for companies on the continent to deliver confidential documents to their customers via mobile devices.  But, this poses security risks for both the company and the recipient – yet knowledge about the security risks is not nearly as extensive as is the usage of mobile devices.

    Companies that send documents to mobile devices need to take the steps necessary to protect the customer’s data. But how can companies minimise this data risk on mobile phones?

    In a Q&A, Grant Shortridge, executive head: Striata Commercial Solutions, outlines how organisations can ensure they keep their customer data safe, even when it’s on the customer’s mobile device:

    Q: How prolific is mobile use in Africa right now?

    A: Mobile phones have had great success in Africa, because access to landline infrastructure has been limited. Smartphones have also started gaining significant traction. According to Pew Research Centre, around 34% of South Africans and 27% of Nigerians said their phones were smartphones, and this is helping to bridge the internet access gap. Africa is expected to hit the one billion mobile subscriptions mark in the fourth quarter of 2016, according to research from Ovum, which projects that the figure will hit 1.02 billion by the end of the year.

    Q: How have smartphones started bridging the internet gap?

    A: Many companies on the continent have started to deliver confidential documents to their customers via mobile devices. People opt to receive personal information in the form of payslips, invoices and statements via mobile, as it’s the easiest way to access that information. Of course, this poses security risks for both the company and the recipient. Unfortunately awareness and knowledge of these risks isn’t what it should be.

    Q: How can companies mitigate these risks?

    A: Companies that send documents to mobile devices need to take as many steps as necessary to protect the customer’s data. In South Africa, the Protection of Personal Information Act (POPI) will soon make that legally necessary. But in truth it’s a two way street - companies can only do so much, users need to do their part as well, by being sensible and vigilant.

    Q: Why has document security for mobile phones become an issue?

    A: Because of the proliferation of mobile users globally, security threats directed at mobiles specifically are becoming increasingly sophisticated. Hackers are targeting mobile payment systems as well as mobile browsers themselves.

    Beyond that, a 2013 Consumer Reports survey found that almost 70% of US users didn’t back up their mobile data, and almost two thirds don’t lock their screens at all. We have no reason to believe that these numbers are any different in Africa. But even if they are, the fact of the matter is that this type of administration should be implemented by everyone, without fail.

    Q: Whose responsibility is data security when it comes to mobile phones?

    A: As mentioned, it’s a two-way street. It is partly the sender’s responsibility in terms of encrypting and protecting any sensitive documents; and it is the mobile user’s responsibility in terms of ensuring the device itself is secure. The sender has no control over the device that the information will be received on. So, to be safe, it’s better that the sender assumes the device is unsecured and takes the necessary steps to encrypt or encode access to the files.

    Q: How can a sender help ensure that information sent to a mobile is secure?

    A: Documents delivered by email should be encrypted and password protected. Basic PDF encryption is not sufficient, neither is using an easily identified password like an ID number. To really protect the personal data inside a document, it should encrypted AND password protected with a medium to strong password.

    If confidential documents or data are made accessible via a proprietary application, the application must not automatically log the user in or store the login details. If it’s not possible to add a security layer into the app process, then each document needs to be protected.

    Perhaps most importantly, the company should continually educate its customers on emerging risks and the appropriate mobile device and application security. In as many customer touch points as possible, reiterate the security principles that will protect their confidential information.

    Q: What can you do as a user to protect data on your cellphone?

    A: Set up a pin or passcode to access the device. Auto-lock should ideally lock the phone after three minutes of inactivity. Be very careful about what apps you download and use. If you are concerned about the legitimacy of an app, read the reviews and use Google to see if there is any online chatter from users.

    Keep your apps updated. Updates can fix vulnerabilities that will otherwise leave you exposed.

    Don’t allow apps that store sensitive information to ‘store’ your password or automatically log you in. Rather opt to login manually each time, and once you have finished what you need to do, remember to logout. In fact, whenever possible use dual factor authentication (username & password plus a one-time PIN, for example), especially for your banking apps. Gmail, Facebook, Twitter and Instagram are commonly used apps that offer dual factor authentication to avoid unauthorized logins..

    Major smartphone manufacturers now also allow for a remote ‘wipe’ of the data stored on a handset. Investigate this option. A remote wipe will remove any sensitive data if your phone is stolen or lost.

    Let's do Biz