X. Thou shalt only use the official app store for apps.
Summary:
This commandment is more targeted at the mobile device side of technology, but app stores are spreading into the desktop/laptop areas by way of the Windows Store for Windows 8.1 and Windows 10.
From a mobile device perspective, you should only use the official app store for that platform. Most smartphones come with a setting that tells them to only allow apps to be downloaded and installed from the official sources (or not to be installed from untrusted sources).
So iPhones should only use the App Store, Androids should only use Google Play, Kindles should only use the Amazon Appstore and BlackBerrys should only use BlackBerry World.
Apple has very tight control over the apps it allows in the App Store. It checks the apps very thoroughly to ensure nothing nasty can get onto its customers' devices. They have had issues in the recent past, but they are the most secure of the mobile platforms because of their controls.
Google Play is larger than the App Store and as such would be more of a target for the bad guys. While they do scan all new apps coming into the store, there have been occasional breaches, for example in April and May of 2016. More concerning was a raft of malware that surreptitiously rooted Android devices in June 2016.
Rooting is a procedure which gives the user of the device complete control over all of the device's functions and removes any built-in security protections or restrictions that the manufacturer included on the device.
That’s all there is to it. I will continue below with some details on the subject of App Stores and mobile device security. So if you are not interested in such particulars, just make sure you only use the official one for your device.
Detail:
Rooting/Jailbreaking a phone is not a good idea:
If rooting goes wrong, from an Android perspective, it's very easy to make a mistake and "brick" the phone, as it is referred to (i.e. turn it into an expensive paperweight). If you do that, you won't get any sympathy from the manufacturer or mobile operator, as rooting will void the warranty.
Also, because you are using the phone at an elevated level of access, you could be more easily compromised by malware, which will then be able to execute without restriction.
In the Apple universe, some people like to Jailbreak their iThing. This is similar to rooting and it enables you to install some tweaks and apps that Apple doesn't approve of. However, any time there is an iOS update distributed by Apple, it is going to un-Jailbreak the iThing, so you will have to go through the process of re-Jailbreaking and reinstalling the apps that you want.
Jailbreaking can also cause the iThing to become unstable and may require regular restores. Finally, it has been shown that some iOS malware requires a Jailbroken device, so it obviously dramatically reduces the security of the device.
Secure your mobile devices:
As a bare minimum you should use a PIN or password to lock your mobile devices. Patterns are not quite as secure as a PIN and certainly not as secure as a password. Also make sure that the device auto-locks after a relatively short length of time (30-60 seconds).
If you have a fairly modern phone and you store any sort of Personally Identifiable Information on it, then you must at least encrypt that data, but realistically you should encrypt the entire device. Remember that we talked about this in Commandment VI.
Have it set to receive and install updates automatically in order to plug any security vulnerabilities as mentioned in Commandment I.
A reputable Anti-Virus app should also be deployed. Keep it updated and active at all times in accordance with Commandment II.
Turn off Bluetooth when you are not using it and if you are having a highly confidential conversation, do NOT use a Bluetooth headset, as audio eavesdropping on Bluetooth is ridiculously easy. Turn off Bluetooth and use a wired headset for such conversations.
Also, if you are the creator of confidential materials, you might want to ditch the Bluetooth keyboard as intercepting keystrokes is even easier.
Secure your app store accounts:
I’m sure you have heard the horror stories of people’s children running up massive credit card bills by way of in-app purchases on the games they play on tablets and smartphones. Well there is a straightforward way of preventing that from getting out of control. Simply set your mobile device to ask for a password for every purchase from the app store. Oh and obviously you don’t give the child the password – m-kay! :-)
If you have no other security controls on your mobile device at least have the store account secure, because if thieves get your phone, they could max out your credit card on all sorts of nice things for themselves.
Record your IMEI number:
The IMEI number is a unique number assigned to your mobile phone and it is used by the mobile operators to identify your phone (as distinct from your number which is assigned to your SIM card). If you make a note of the IMEI number, then in the event your device is lost or stolen, you can notify your mobile operator and they can block the device which will render it useless (at least within Ireland).
It’s quite easy to get the IMEI number for your handset. Simply dial *#06# and your device's IMEI number will be displayed. Take a screenshot of it and e-mail the picture to yourself so you can have it handy.
Conclusion:
If you have any comments, suggestions or questions on the above, please leave a comment below.
Do you have a Commandment for Cyber Security to add, or any thoughts on those that I have listed? If so, please let me know and I will do a follow-up after I have completed the run-through.