Mobile security tips from CISA become tailored following telecom breaches
In the wake of the Salt Typhoon intrusion, a China-government sponsored threat group that has compromised the private communications of highly targeted individuals, the Cybersecurity and Infrastructure Security Agency (CISA) has issued guidance to enhance mobile security.
Jeff Greene, executive assistant director for cybersecurity at CISA, emphasized the need for individuals to take personal security measures during a media briefing. He stated that while there's no single solution to eliminate all risks, implementing these best practices will significantly enhance the protection of communications.
The guidance advises users to use encrypted voice and text applications to minimize the risk of communications interception. CISA recommends using end-to-end encrypted messaging apps like Signal. It also suggests using a password manager to store and protect all passwords with a strong passphrase.
Another key recommendation is enabling Fast Identity Online (FIDO) phishing-resistant authentication, preferably with hardware-based FIDO security keys or FIDO passkeys. The guidance discourages using a personal Virtual Private Network (VPN) and warns against using simple text messages (SMS) for multifactor authentication due to their lack of encryption and resistance to phishing.
CISA's mobile security recommendations are applicable to all audiences, but they are not simple and require technical knowledge. To address this, the guidance advises setting a personal identification number (PIN) for telecom provider accounts and purchasing the latest version of hardware offered by your preferred mobile phone manufacturer.
In addition to these mobile-specific recommendations, CISA's general guidance includes patching vulnerabilities promptly, enhancing monitoring for suspicious activity, implementing multi-factor authentication, developing incident response playbooks, and maintaining good cyber hygiene practices.
Greene urged highly targeted individuals to review the guidance and apply those that suit their needs. He also emphasized that going forward, individuals can no longer ignore their own security, comparing the need for individual security to keeping an eye out while walking down the street.
For the most current advisories and recommendations related to the Salt Typhoon incident, it is advisable to visit the CISA website. The complicated steps are an acknowledgment that federal authorities don't have confidence in the structural integrity of telecom networks' security, underscoring the importance of individual efforts to enhance mobile security.
- Recognizing the risks of phishing, Jeff Greene from the Cybersecurity and Infrastructure Security Agency (CISA) advises using end-to-end encrypted messaging apps like Signal and enabling Fast Identity Online (FIDO) phishing-resistant authentication for stronger cybersecurity.
- To minimize the risk of data interception, CISA's recommendations include using encrypted voice and text applications, such as Signal, and enabling FIDO phishing-resistant authentication, preferably with hardware-based FIDO security keys or FIDO passkeys, in the realm of data-and-cloud-computing and technology.
