Executive protection is often characterized by inconspicuous bodyguards safely transporting VIPs from place to place. However, much like other parts of our lives, the risks to a person have moved beyond physical harm to all-out digital warfare.

The well-documented exposé on NSO Group acted as a stark reminder that any individual, including high-profile dignitaries, could become the target of a sophisticated spyware attack — and enterprise leaders are not immune. Once installed, these applications are able to covertly infiltrate devices and listen to conversations, read text messages or locate the user using GPS tracking. In some cases, these details could even be sold to the highest bidder on the black market and used for nefarious reasons.

One of the most vulnerable devices an executive will carry on a regular basis is their cell phone, which has the potential to contain some of the most prolific spyware. As a risk professional with executive protection responsibilities, the question, therefore, is how can you mitigate these risks?

Prevention is better than cure

The best way to reduce risk is to put robust security measures in place before any potential threats have breached the digital boundaries. Some of the actions you can take include:

• Using two-factor authentication: There have been a number of breaches in which both businesses and high-profile individuals had their cloud accounts hacked, and sensitive information was leaked without the knowledge of the affected parties. Two-factor authentication has been proven to considerably reduce the risk of breaches in the cloud as well as any other sensitive accounts. 
• Biometric authentication: Most spyware needs physical access to the phone to be installed effectively. Instructing executives and employees to keep their phones locked against physical threats is therefore absolutely vital. Especially when the hacker is someone that you know, passcodes alone are often not enough to effectively secure a phone. Using biometric authentication (such as facial recognition or fingerprints) in addition to a strong passcode is arguably one of the most effective security measures for mobile devices.
• Separation of the personal and private: Another way to mitigate risk is to have employees use separate personal and private devices. One of the main reasons that executives fall victim to a security breach is because they’re using one device for multiple purposes, which creates more opportunities for spyware to be downloaded. A simple way to mitigate that risk is to have a dedicated work and personal phone that are not linked together via a shared cloud.
• Mobile security applications: While all of the aforementioned methods are effective ways of reducing risk, they do not completely remove the potential for a breach. A good mobile security app that scans phones regularly for spyware will inherently improve protection. Not only does this tool help reduce risk by identifying malicious apps at the source, but it also means that security leaders are aware of the privacy breach at the earliest point, giving them the opportunity to limit the damage caused.  

Removing threats efficiently

Sometimes, despite best efforts, spyware can find its way through mobile security measures. If a breach should occur, there are steps security leaders should take — some radical — to remove the problem and mitigate damage:

• Update mobile devices and apps: One of the easiest ways for hackers to gain access is to exploit out-of-date software, either in the operating system itself or individual apps. Regularly installing recommended updates is an easy way to help protect devices against certain forms of spyware.
• Use intruder detection: Another way to protect a mobile device is to use an intruder detection app to catch whoever has physical access to the phone. For example, it can detect when an incorrect PIN is entered and either take a secret photo of the intruder or sound an alarm. This feature is especially useful to those concerned about spyware or stalkerware because most apps require physical access to the device to be installed. Intruder protection also gives users concrete evidence of a breach and means you are able to remove the spyware much quicker.
• Factory reset: If all else fails, the last resort would be to restore a device to factory settings. This erases all data from the phone, including any spyware or viruses that might have been present. However, make sure any important data is backed up before doing so.

As the world changes, so does the protection industry. It is imperative that executives adapt to the constantly evolving risks against them. With cyberattacks, arguably one of the biggest threats they face in the 21^st century, it’s time to tackle the problem head on and create secure foundations for protection in the digital realm.