Welcome to “Safe Browsing Practices: Application Ecosystem Security.” After watching this video, you will be able to: identify app and software security concerns, explain how apps and software are compromised, and list the types of data hackers look for. Mobile apps are designed to be functional and easy to use. But they are not always the most secure. Weak passwords, malware, or poorly designed apps can compromise a device, letting hackers access texts, contact lists, personal and business files, and other valuable information. For better security, use strong passwords, only install app store approved apps, and use multi-factor authentication. Multi-factor authentication, or MFA, is a setting that requires you to fill in a code sent to your email or phone to prove that a login attempt came from you. Strong passwords are long, difficult to guess, and have a mix of numbers, letters, symbols, and capitalizations. For example, the phrase, “Johnny Appleseed loves apples” would be a very strong password, especially if it included a mix of numbers and symbols. Some users remove device restrictions so they can make changes and install non-approved apps. This is called “rooting” on Android phones and “jailbreaking” on Apple phones. This adds functionality, but also adds vulnerability. It is harder to root or jailbreak newer model phones, and there is less reason for it with updated features and app selections. To ensure a basic level of security, Apple and Google restrict certain device activities and remove apps from their app stores if they don’t meet security standards. Desktop software can be used to open any file stored locally or in the cloud. Cybercriminals can access and take over software, files, data, and online accounts via PCs that don’t have strong passwords, PCs left in unsecured physical locations, and via unsecured browsing sessions on non-HTTPS websites. IT departments push out security patches and updates on a regular basis to keep operating system and app software secure against known vulnerabilities. But patches and updates alone aren’t enough. Here are some steps you can take to be more secure: use strong passwords, store PCs in a physically secure location, and lock them when not in use. Use good antivirus/anti-malware and VPN software and enable automatic updates. And only browse HTTPS websites and keep software properly configured and updated. These habits make devices harder to hack, which keeps your data protected as cybercriminals will simply move on to easier targets. Business software automates transactions, mines sales data, manages resource and supply chain information, and more. Hackers target businesses with ransomware, zero-day attacks, or other cyberattacks to steal sensitive data, so they can sell or exploit it. This can cost millions and be devastating to consumers, businesses, organizations, and governments. In today's remote-work world, businesses maintain employee education to ensure security best practices are followed, and they use strong tools to prevent, detect and respond to vulnerabilities and threats. To protect corporate files, systems, and resources, businesses must limit access. The ability to share files within an organization or business-to-business is important. When email or USB drives aren't an option, organizations may choose internal network sharing on company-owned hardware for sharing, storage, and collaboration. Or they may turn to the cloud for a solution, like the enterprise versions of Box, OneDrive, or Google Drive. Whichever solution is used, employees must be taught how to properly secure corporate data. A careless worker who clicks on a phishing email or fails to abide by corporate policy can expose a company to unnecessary risk. Company data should only be shared on a need-to-know basis. Insider theft of data and intellectual property is common. Strict access control helps avoid it. But filesharing should be practical. If a company makes it too difficult, employees will find a way around it. For example, consumer-level cloud storage and sharing freeware. Security isn’t as robust in those solutions. If there’s a breach, hackers can steal passwords and reuse them to gain access to company networks. It’s important to remember that you’re only as secure as your weakest link. That’s why there are so many ways to configure network sharing. Whether it’s on-premises, in the cloud, or stored in an unauthorized freeware account, having a plan ahead of time to deal with these potential situations will help companies avoid the worst. In this video, you learned: Strong passwords, antivirus/malware software, VPN, and updates are used to secure apps and devices. Hackers target apps to mine for sensitive data, intellectual property, trade secrets, and financial data. Businesses use multi-factor authentication to protect data, information, and consumer trust, and multiple layers of security are required to keep devices and their data secure.
