Describe how to protect your applications

Completed

In the modern world we're always connected, and applications have become central to how we engage with it. Whether you're talking to friends or colleagues, shopping or banking—applications make all this possible. All reputable application and software developers aim to build robust and hardened products that deliver the functionality we need, and the security to keep cybercriminals at bay. A hardened application is one where the developer has tested it against all the latest cyberattacks before making it available to download. Software developers offer patches and upgrades to ensure that your user experience is the best and safest it can be.

But cybercriminals are unrelenting in their desire to obtain your data, and will look to exploit any weakness or vulnerability. There are a few things that you can do, either as an individual or an enterprise organization, to protect the apps that you use.

Patching promptly

Operating systems and most mainstream applications—for example, word processors and music apps—will issue updates or patches. Some of these offer improvements in functionality, but the majority will be to patch a known security weakness or vulnerability in the software, or to improve the application's security. Cybercriminals and hackers focus on these applications looking for exploitable vulnerabilities. When one is identified, they move quickly to write malicious code. If successful, this malware can take control of the application or intercept data being accessed by it, until the next patch is released, and the cycle starts over again.

As part of a robust security process or policy, you should ensure all applications used on your device have the latest patches or updates.

Application configuration

Most applications are developed with a balance of security and usability in mind. All applications come with a default configuration designed for optimal usage and to allow as much access as possible. Some might have a default user account—admin, for example—with a standard default password.

Cybercriminals are quick to identify these vulnerabilities, and exploit them by using default settings to access your applications. It's vitally important that you check your application configuration settings and, where possible, change the passwords on default accounts and settings. This small step can often thwart an attacker and improve the confidentiality of your data, and the integrity of your application.

Privacy settings

Every activity that you carry out, from an instant message application or just using your browser, is tracked and recorded. A small part of this is so developers can improve the application. However, the majority of data collected is used by advertisers to offer targeted content based on the things you're looking at, or doing.

All applications give you a degree of control over what data is collected by providing privacy settings—these vary with each application. For example, a map application may have privacy settings that prevent it from recording the routes you've used. A shopping application can be told not to remember the items that you were browsing.

It's good practice to locate the privacy settings and tailor them to what you want.

Cookies

Browsers use cookies to hold details about what you were doing on a specific website—from the last thing you searched for, to passwords or other personal data. Some measures have been introduced to try to limit the amount of data that's retained in cookies and on the website. A cybercriminal could exploit your browser and access these cookies to gain information and data.

Every browser offers the ability to clean up unused cookies or to remove all of them from your browser. It's good practice to periodically do a clean-up of cookies. However, there's another way to manage your cookies by using the private browsing window in your browser. You may have seen them as incognito or privacy windows. This offers a higher level of security, to let you browse with more confidence. When you close the browser window, all cookies and any history are automatically deleted.

Using verified applications

Just a few years ago, the only way to get an application was to buy it from a shop, take the box home and use the CD-ROM to install it on your computer. For all its antiquated aspects, this was by far the safest way to obtain and then use software. The internet has made the world a smaller place, and you can now obtain applications from the comfort of your chosen device without leaving home. There's a huge choice of online shops offering the best opportunity for you to find the app you're looking for. But for every genuine shop selling an app, there's likely to be another offering a cheaper version, which might contain some unwanted additions.

A cybercriminal might copy the latest or bestselling app and hack it to include malware. Then they can make it available through a store, selling it cheaper than anywhere else. We all like a bargain, especially if it means getting the latest app at a fraction of the price. The compromised app might well behave exactly as the genuine one, but underneath the hood the cybercriminal can search your device for personal or sensitive data. This can then be extracted and used for their own purposes.

As a matter of good practice, you should always download your apps from verified and trusted stores.