How can you make sure the mobile apps you access are secure?
A security profile should be at the top of the developer’s list when compiling a mobile app but that’s hardly the case. That’s a pity, because building a profile is easier to do during the dev phase. Are most mobile apps putting your data at risk? Most likely so. According to the most recent report from Lookout, the number of Android devices affected by malware is more than 6 million.
Luckily, there are telltale signs that indicate an insecure mobile app. Becoming the nose on a hound dog will let you sniff for clues of any potential harm of a data breach. Otherwise it will cost you. The Ponemon Institute’s Cost of Data Breach Study says average costs for a single breach increased by 15% last year, reaching $3.5 million.
One obvious sign that an app might have malicious intent is a sudden, uncommon data access pattern. These patterns are concerning because some apps record your unencrypted data so it can be sent to a designated server. Once there, ruthless business rivals or cyber-criminals may collect your data. This transfer of sensitive data is very common and frequently goes unnoticed.
Excessive data usage or unexpected charges on a cell phone bill may signify the presence of malware. You need to monitor the amount of data each app uses. If you find suspicious activity, flag it. If you establish an audit trail, you will have a clear picture of data usage.
It is unrealistic to think that employees will voluntarily follow a mobile device management (MDM) policy that prohibits them from installing apps on their devices. This is especially true if the device belongs to the employee. You can mitigate the data leakage problem and user installed malware issues by ensuring that all your corporate data is encrypted and remains inside a secure container.
Although cloud-based services are a convenient option when transferring files, if your staff is using a third-party app there is no guarantee that your files are secure. According to a new Netskope report, 88% of cloud apps being used as part of the BYOD trend are unsafe. This report also states that 15% of employees’ credentials have already been compromised.
If you do not have a system that secures the transmission and employs the encryption of your files, you may be unknowingly leaking data everywhere.
This is an obvious risk to the security of your data. If you decide to allow mobile devices to access your network remotely, then you need to take the appropriate steps to authenticate the user.
Enterprise app development focuses on business value, as opposed to security. For this reason, you need to consider professional penetration testing. It can uncover vulnerabilities and weaknesses you may have overlooked.
Building effective security is much less expensive and easier to do during the development of an app. You should consult with an expert to ensure that security testing remains an important portion of your software development process from the beginning.
This article was recently published in Dark Matter.
Image courtesy of Dark Matter.