Quite often, companies don't realize that the mobile apps they use are reason for concern. Once their data is breached, they begin to investigate. However, there are telltale signs that indicate an insecure mobile app. If you know what to look for, you may be able to avoid a catastrophic data breach.
Mobile apps are everywhere and their benefits are many, offering functionality, flexibility, and increased productivity. These apps have altered the way we do business. Unfortunately, all of these benefits do come at a price. As a business owner, how can you be sure that the mobile apps you and your staff access are secure? According to the most recent report from Lookout, the malware encounter rate in the U.S. is at 7%. Estimates indicate that more than 6 million Android devices are affected by malware.
The BYOD trend is reason for concern
Some companies are following the BYOD trend, but this practice has brought about some critical security concerns that need to be addressed. According to the Ponemon Institute's Cost of Data Breach Study: Global Analysis, the average cost resulting from a breach increased 15% in 2014, reaching $3.5 million.
Rigorous checks on mobile security must be implemented and adhered to. A solid Mobile Device Management (MDM) policy is essential for every company.
One obvious sign that an app might be malicious is atypical data access patterns. These patterns are concerning because some apps record your unencrypted data so it can be sent to a designated server. Once there, ruthless business rivals or cybercriminals may collect your data. This transfer of sensitive data is very common and frequently goes unnoticed.
Excessive data usage or unexpected charges on a cellphone bill may signify the presence of malware. You need to monitor the amount of data each app uses. If you find suspicious activity, flag it. If you establish an audit trail, you will have a clear picture of data usage.
Inability to encrypt corporate data
It is unrealistic to think that employees will follow an MDM policy prohibiting them from installing apps on their devices. This is especially true if the device belongs to the employee. You can mitigate the data leakage problem and user-installed malware issues by ensuring that all your corporate data is encrypted and remains inside a secure container.
Although cloud-based services are a convenient option when transferring files, if your staff is using a third-party app there is no guarantee that your files are secure. According to a new Netskope report, 88% of cloud apps used as a result of the BYOD trend are unsafe. This report also states that 15% of employees' credentials have already been compromised.
If you do not have a system that secures the transmission and employs the encryption of your files, you may be unknowingly leaking data everywhere.
This is an obvious risk to the security of your data. If you decide to allow mobile devices to access your network remotely, then you need to take the appropriate steps to authenticate the user.
Mobile apps are not tested to ensure security
Enterprise app development focuses on business value, as opposed to security. For this reason, you need to consider professional penetration testing. It can uncover vulnerabilities and weaknesses you may have overlooked.
Building effective security is much less expensive and easier to do during the development of an app. You should consult with an expert to ensure that security testing remains an important part of your software development process from the beginning.
The opinions expressed in this Blog are those of Michelle Drolet and do not necessarily represent those of the IDG Communications, Inc., its parent, subsidiary or affiliated companies.
This article is published as part of the IDG Contributor Network. Want to Join?