
There’s an app for that – but is it safe?

Current technology has made it possible to create applications to accomplish many tasks that make our work and home lives more efficient. However, in the rush to launch applications, some developers have not focused enough on security. Examples like the SolarWinds and Parler application breaches, which resulted in the data of millions of businesses and individuals being stolen, demonstrate the risk of relying on applications for business and personal use. Here are some recommendations for the use of applications, whether internally developed or third-party:

  • Review which applications you are using for business and personal use.

  • Determine which you are no longer using, and decommission or delete them.

  • Review and limit access to necessary applications to ensure that only authorized staff have it.

  • Review administrative access for staff who can make changes to applications to ensure it is limited to the least required, and that it is routinely monitored.

  • Ensure that all staff use strong and long passwords for all applications.

  • Limit the data added to applications to the minimum necessary.

  • Review contract terms with third-party applications to ensure that they are meeting or exceeding security protocols.

  • Stop using applications with known risks.

In addition to your normal incident response protocols, please contact CTREmergencyNotification@mass.gov with any incidents or suspected incidents of fraud or cyber attacks, or if you need assistance with internal controls.



OFFICE OF THE COMPTROLLER OF THE COMMONWEALTH

William McNamara, Comptroller of the Commonwealth

One Ashburton Place, 9th Floor, Boston MA 02108

comptroller.info@mass.gov

For your protection, please do not email personal information (e.g. Social Security Number, Bank Account Number, Passwords).

For assistance, please call us at (617) 727-5000.
