The UK’s National Cyber Security Centre (NCSC) has published a new report warning of the threats posed by malicious apps. With apps touching so many elements of our personal and professional lives, our Cyber Security Product Director Robert Sugrue takes you through how to protect yourself from the risks malicious apps pose.
Have a think about how many times you interact with apps each and every day. So many of us have social media apps to keep up with friends, banking apps to manage our finances, and travel apps that help us get to where we need to go. But as the NCSC recently noted, apps “can also be installed on laptops, computers, games consoles, wearable devices (such as smartwatches or fitness trackers), smart TVs, smart speakers (such as Alexa devices), and IoT (internet of things) devices”.
The ubiquity of apps makes them attractive to hackers, who seek to use weaknesses in app stores to share malicious apps that can steal data and money – as well as location data and even personal health information.
We all need to take steps to protect ourselves. But how? In this blog I’ll take you through some best practices you should follow.
How to Protect Yourself from Malicious Apps
Technology that relies on apps is not going anywhere any time soon, so we all need to start using best practices when interacting with them – whether that’s on a phone, laptop, console or smart device. Here are the steps I would recommend you take to protect yourself from the threat of malicious apps:
- First and foremost, do not use jailbroken devices! If you are an individual user that has a jailbroken device to access unapproved apps, do not use the same device for other purposes such as personal email, shopping or banking, and keep it off your Wi-Fi networks.
- On your smart devices, if you haven’t already, install a reputable endpoint security app. There are loads available in the recognised app stores – choose a reputable vendor and make sure you install the app correctly. If you are part of a larger organisation, use endpoint security that complements your corporate strategy and can be monitored by your wider security solutions. If you are a corporate organisation, also make sure your devices are centrally managed and controlled correctly.
- Avoid buying cheap gadgets that have app controls. Although it’s tempting to get a £10 smartwatch, it’s £10 for a reason. One of those reasons could be that the software is not thoroughly tested; it could also be there purposely to harvest personal information.
- Finally, delete apps that you do not use and be cautious when choosing new apps to download. Check the app reviews and research the publisher/creator to make sure they are reputable. This goes for all of your devices, be it a smartphone, a fitness tracker, your TV or even your kitchen appliances!
Follow Best Practices Across All Your Devices
We are all familiar with taking care when downloading software from the Internet these days; if it doesn’t look right, we know it’s probably not right and we simply move on without downloading it. With our app stores it can be different; because they are provided by the vendors we feel safe, and all apps are generally presented in more or less the same way – meaning it’s very difficult to get that feeling that introduces doubt over the authenticity of an application. We need to be cautious, though.
This is so important because malicious apps can give hackers their first foothold in your network. They don’t care if that’s your phone or your TV – they are just looking for an ‘in’. Once the hacker finds their opportunity they will, in a similar way to phishing, look to escalate their privileges, move laterally and then maximise their control and reward by stealing data or bank details, or simply by deploying ransomware across more than just the device that they were able to compromise initially.
While the government is reviewing advice to start giving us better visibility of the security ratings of apps and looking to hold app store vendors accountable for security assurance, we are not there yet – remain vigilant!
About the Author
Robert Sugrue is Cyber Security Product Director at Six Degrees. At Six Degrees, we’ve been helping organisations confront cyber security challenges for over 15 years. While cyber threats are always developing, our experience and industry presence are testament to our ability to stay ahead of emerging threats.
The next step on your organisation’s cyber security journey may be our Cyber Security Maturity Assessment. Six Degrees conducts a comprehensive cyber security maturity and benchmarking assessment, delivered and managed in a consultant-led approach that provides you with point-in-time or ongoing visibility into your organisation’s security posture.