From downloaded applications that help people find the quickest way to a destination, to those that offer virtual private network and business management features, many Windows, Apple, iOS and Android apps are useful and often available at little or no charge. But IT support services professionals know that the convenience apps offer does have a price: the user’s personal information.
Free apps like Facebook, MySpace, Waze and others – like that addictive Candy Crush game – can stick with a business or other user for life, because they are transferred from one mobile or other device to the next each time the unit is upgraded. From a cybersecurity consultant’s point of view, this is one of the biggest blind spots around. Thanks to geolocation and other capabilities, they can track where you shop, where you dine and where you vacation — and with that data in hand, they can often also predict where you will be going.
It is not just a matter of exposing your preferences to third-party players. If an individual’s stored travel, preferences and other information are ever leaked, bad actors can use it to send tailored, realistic-looking “advertisements” loaded with malware to a user’s device — secure in the knowledge that the individual is likely to click on the “ad” and open their device to hackers.
Along with that, consider how many times you and your circle of Facebook friends answer those seemingly innocent questions that pop up asking for things like where you grew up, what your favorite foods are, your favorite music, your favorite places visited, or what cars you have owned. It seems like a pleasant way to pass a few minutes, but as managed IT services professionals can advise, these sites often gather the kind of information used in answering password or MFA (multifactor authentication) challenges — again providing fast-track entry to your business and personal bank accounts and other sensitive data.
Fortunately, users can take some relatively simple steps to minimize their chances of unintentionally inviting in a hacker. Business owners, for example, can arrange for a penetration test, often referred to as a “pentest” – an ethical cyber hack – where an authorized simulated cyberattack is done on a computer system to evaluate the security of the system. And on an ongoing basis, individuals can periodically review, update and clear out their apps.
In addition, if you have apps that have not been used in a year or more, consider deleting them. And instead of doing a cloud transfer of all your apps to a new device when upgrading, consider manually installing them — this makes it easier to identify and delete ones that are not used very often.
The Apple password is a separate category of potential security concerns. One of the most-used sign-ins on the planet, an Apple ID is free — but if it is compromised, a cybercriminal can clone the target’s phone, potentially exposing all of the target’s bank and other accounts, MFA and other passwords, and other sensitive data. An Apple ID is so necessary that it is virtually impossible to avoid having one; but taking steps like not writing it down and resetting it periodically can reduce the chances of unwanted exposure.
Business owners and others want the convenience and entertainment that mobile device apps offer. But utilizing apps while maintaining the privacy of business and personal accounts means taking a few extra steps periodically to review and secure the devices, apps and accounts. Considering the financial, medical and other information contained on these handy devices, it is a small price tag that offers a big return.
Carl Mazzanti is president of eMazzanti Technologies in Hoboken.