
App Check! How many apps are running on your phone right now? Have you ever checked to see what they can access and whether they need it?  
Here are a few reasons you should care:
  1. Many apps are accessing your microphone and recording what you say.  “But I have nothing to hide.” This is not just about what you say – this data can be used to assume your identity virtually, using your voice to get through voice recognition on your accounts or to con other people into doing things because they think it is you.  “Jonny, I sent someone to get you, go get in the car with them…” 
  2. Many apps are accessing your camera and/or pictures.  This can be used to track your locations and interests as well as to prey upon you or your loved ones.
  3. Many apps are constantly collecting your location data – criminals use this to know when you are home or where you go, making it easier for burglars, or worse – predators looking to take advantage of you or your loved ones.
  4. Some apps request access to your contacts. This information can be used for a host of nefarious purposes, one of which is impersonating you and reaching out to those contacts to trick them into an action or behavior.  We have all seen at some point that email or text from someone we know that was clearly not from them.  Today the criminals are much less obvious in their messaging.
  5. Many “safe” apps are simply always running in the background, slowing down your phone and using your data while collecting whatever information they can on your usage, search terms, websites visited, and more. This information is also then sold to some parties that will use it to target you for scams or manipulate your behavior through information in your feed.
 
Here are a few best practices to better secure your Phone, Apps, and Personal information. 
  1. Know where your apps come from – especially on Android.  Stick to the Google Play Store, and even then, you can be sure that a flashlight app that needs microphone access is spyware.  (Fact: a few years ago, a majority of flashlight apps were malware.) When something is free, it means you or your information is the product.
  2. Manage your App Permissions. Only allow the minimum privileges needed for the app. And in most cases reconsider if you actually need an app that requires advanced privileges. 
     - iPhones: Settings > Privacy
     - Android: Application Manager, or Device > Application
     - Lock down access to the Camera
     - Lock down access to the Microphone
     - Lock down access to your Pictures
     - Lock down access to your Location
     - Lock down access to your Contacts
  3. Update your OS and Apps promptly.  Your OS should be on automatic update.
  4. Lock your devices (use a unique code – not 1234) and activate your phone’s “find device” service, which can locate your phone on a map and remotely wipe it. 
  5. WiFi and Bluetooth should always be turned OFF when not using them.  (Do not allow your phone to automatically look for and join hotspots.)
  6. NEVER use public WiFi.  Many are honeypots to sucker people in, and legitimate ones are often the hunting grounds of criminals exploiting them.
  7. Always suspect unrequested texts and emails. Every single time someone sends an urgent request for you to provide or “verify” information it will be a trap.  Assume that any links or attachments are a trap as well unless you have independently verified with that person that they are sending you the anticipated link or attachment.  (Even images can be weaponized.)  
  8. Back up your data.  Your phone will get broken, lost, stolen, or go dead at some point.
  9. Use an antivirus app. This does not mean you can ignore #7, but it may help some of the times you forget.
 
For more tips, or to learn more about fostering a security-minded culture at home or at work, check us out at GlobalLearningSystems.com.

 

Author:
Robert Hodges
Global Learning Systems

 


Forsyte I.T. Solutions and Global Learning Systems understand that cybersecurity education is a critical step in protecting your people and data. We partner to generate awareness and keep organizations safe. If you would like to learn more about the educational benefits Global Learning Systems can drive for your organization, please reach out to Robert Hodges at rhodges@globallearningsystems.com.

 

Robert Hodges is a 15-year cybersecurity industry veteran, currently leading Business Development at Global Learning Systems, a top Gartner ranked provider of enterprise security awareness and compliance training solutions worldwide.  
