Frequently, companies don’t realize that the mobile apps they use are reason for concern. Once their data is breached, they begin to investigate. However, there are telltale signs that indicate an insecure mobile app. If you know what to look for, you may be able to avoid a catastrophic data breach.
Mobile apps are everywhere and their benefits are many, offering functionality, flexibility and increased productivity. These apps have altered the way we do business. Unfortunately, all of these benefits do come at a price. As a business owner, how can you be sure that the mobile apps you and your staff access are secure? According to the most recent report from Lookout, the malware encounter rate in the US is at 7%. Estimates indicate that the number of Android devices affected by malware is more than 6 million.
Some companies are following the BYOD trend, but this practice has brought about some critical security concerns that need to be addressed. According to the Ponemon Institute’s Cost of Data Breach Study: Global Analysis, a security breach can be costly. Average costs for a breach increased by 15% in 2014, reaching $3.5 million.
Rigorous checks on mobile security must be implemented and adhered to. A solid Mobile Device Management (MDM) policy is essential for every company.
One obvious sign that an app might be malicious is atypical data access patterns. These patterns are concerning because some apps record your unencrypted data so it can be sent to a designated server. Once there, ruthless business rivals or cyber-criminals may collect your data. This transfer of sensitive data is very common and frequently goes unnoticed.
Excessive data usage or unexpected charges on a cell phone bill may signify the presence of malware. You need to monitor the amount of data each app uses. If you find suspicious activity, flag it. If you establish an audit trail, you will have a clear picture of data usage.
It is unrealistic to think that employees will follow an MDM policy prohibiting them from installing apps on their devices. This is especially true if the device belongs to the employee. You can mitigate the data leakage problem and user installed malware issues by ensuring that all your corporate data is encrypted and remains inside a secure container.
Although cloud-based services are a convenient option when transferring files, if your staff is using a third-party app there is no guarantee that your files are secure. According to a new Netskope report, 88% of cloud apps being used as part of the BYOD trend are unsafe. This report also states that 15% of employees’ credentials have already been compromised.
If you do not have a system that secures the transmission and employs the encryption of your files, you may be unknowingly leaking data everywhere.
This is an obvious risk to the security of your data. If you decide to allow mobile devices to access your network remotely, then you need to take the appropriate steps to authenticate the user.
Enterprise app development focuses on business value, as opposed to security. For this reason, you need to consider professional penetration testing. It can uncover vulnerabilities and weaknesses you may have overlooked.
Building effective security is much less expensive and easier to do during the development of an app. You should consult with an expert to ensure that security testing remains an important portion of your software development process from the beginning.
This article was originally published in Network World.
Image credit Cutcaster.