Our mobile phone system in the US is compromised. Government and cell phone companies have confirmed that. Here are my key takeaways from the CISA Mobile Communications Best Practice Guidance, which was released this week.

Adopt Phishing-Resistant Authentication. Use FIDO2 security keys or passkeys for secure, phishing-resistant multifactor authentication (MFA). Transition away from SMS-based MFA, which is vulnerable to interception and phishing.

Use encrypted messaging apps (e.g., Signal) for secure communication across devices and platforms.

Keep devices and accounts secure by regularly updating device software and using the latest hardware with advanced security features.

Protect mobile carrier accounts with PINs to prevent SIM-swapping attacks.

Store strong, unique passwords in a password manager and avoid reusing credentials.

Review and revoke unnecessary app permissions.

On iPhones, enable Lockdown Mode and use iCloud Private Relay.

On Android, use trusted DNS resolvers and enhanced browsing protections.

Assume that highly targeted communications (e.g., those containing Controlled Unclassified Information or CUI) are at risk and adopt multiple layers of defense.

These are the key steps to safeguard mobile communications.

