National Cybersecurity Awareness Month Part II – Keep Tabs on Your Apps
Oct 18, 2019
We continue our discussion of cybersecurity this week by focusing on application security. Security at the application level includes browser privacy settings, accessing public networks, and social media behavior. It also deals with reducing the risks of mobile apps and protecting yourself from phishing techniques. Regular software updates are another crucial aspect of application security.
A browser’s privacy settings determine how websites monitor your online behavior. They can improve your browsing experience, but they can also reduce your security while doing so. The specific settings depend on your browser, but they generally fall into the following categories:
Cookies Tracking Location services Pop-ups
Cookies are files that websites store on your computer, which contain information on your browsing preferences. They allow sites to remember your preferences, such as your login information for each site. Some cookies can also compromise your privacy by recording the sites you visit.
Websites may be able to send information about your browsing to third-party content providers. Many browsers can track the information that third-party sites can collect on you. For example, this capability is called Tracking Protection in Internet Explorer.
Location services prompt you for your physical location to improve your browsing experience. For example, a mapping site can use this information to center a map on your location. Most browsers will alert you when this happens and provide you with options, such as always allowing the site to use your location or only allowing the site to use it on that particular visit. Use extreme caution when determining whether to enable location services since it allows a hacker to know your approximate geographic location. In the mapping example, it’s usually better to bring up a general map and center it yourself.
Pop-up ads are another form of privacy invasion while browsing the Internet. Browsers provide various levels of pop-up blocking, such as always allowing them, never allowing them, and specifying a list of websites where you want to see pop-ups.
Public wireless (Wi-Fi) hotspots provide a way for mobile users to connect to the Internet, especially at airports, cafes, and hotels. They also pose security risks since hackers can also create hotspots to gain access to your mobile device. Use your own hotspot if available instead of public Wi-Fi, and never engage in sensitive activities that involve banking or credit card information from an unsecured public access point. For further protection, only shop or bank on secure sites that have a URL beginning with “https://.”
Use caution when disclosing personal information about yourself or loved ones on social media. Most people already know they should never provide sensitive data like their physical address, social security numbers, account numbers, and passwords. However, many of us are still unaware that seemingly innocuous information, like where you get coffee, your birthday, vacation plans, and work location, can also make you a target for criminals, especially when they combine it with other details.
Most mobile devices use apps, including smartphones, toys, and other connected appliances. However, apps can run in the background and use permissions you didn’t realize you had approved, allowing them to gather personal information without your knowledge. You should only download apps that come from a trusted vendor. Apply the rule of least privilege when setting permissions for your apps, meaning an app should only receive permissions you’re sure it needs. Never grant a privilege request if you don’t understand it.
Phishing is a fraudulent attempt to obtain sensitive information through electronic communication by posing as a trusted correspondent. This often takes the form of an email message that appears to be from your bank or credit card company that asks you to verify personal details. Every year we see more news about the continued deluge of malware, scams, ransomware, and the like. Hackers see the holiday season as prime time to send bait. Always check the originator’s address carefully to ensure it’s the one you expect. Don’t respond if anything about the message seems strange or too good to be true, and don’t click on any links or attachments in the message. The “block” or “junk” options on your email client will be your best friend in these situations. In the office, be sure to notify the IT security team of suspicious emails, who can investigate potential attacks.
Like vitamins, software updates can make a big difference in keeping your devices healthy. Most software distributors release updates to their products on a regular basis. You don’t necessarily need every one of these updates, although you should always apply security patches as soon as they’re available. Malware changes quickly to take advantage of newly discovered vulnerabilities, so you should consider enabling automatic updates if available.
We hope you found ‘Keep tabs on your apps’ tips on application security useful. UNICOM Engineering recognizes that increasing security often means sacrificing convenience, so you have to decide where the best balance lies, both for you and your place of business. In our next post, we’ll share additional ways of protecting yourself during Cybersecurity Awareness Month and the rest of the year.
National Cybersecurity Awareness Month is co-led by the National Cyber Security Alliance (NCSA) and the Cybersecurity and Infrastructure Agency (CISA) of the U.S. Department of Homeland Security. For more information about ways to stay safe online visit staysafeonline.org/ncsam.