7 ways to prevent mobile break-in

With billions of mobile devices on the market, locking hackers out of them is imperative.

mobile security
Looking over your shoulder

As mobile devices continue to penetrate our society, mobile security is becoming increasingly difficult to manage. Every mobile device, whether it’s a phone or a tablet, provides hackers with a new avenue to seize private information. We’ve seen many banks, hospitals, and other large organizations have enormous data breaches that caused a lot of damage and recovery time, and they don’t appear to be slowing down anytime soon. For this reason, it is important to take these steps to keep mobile devices protected. Sinan Eren, vice president of Avast Software and general manager of Avast Mobile Enterprise, provides advice on how to do so.

mobile security
Credit: Thom Juul
Be cautious when connecting to public WiFi Nnetworks

Public WiFi networks are a common attack vector for hackers trying to gain access to private information, so you should connect to a virtual private network (VPN) when possible. Before the start of this year’s Mobile World Congress, Avast Software conducted a WiFi hack experiment at the Barcelona Airport. It revealed that thousands of trade show attendees ignored the risks for convenience and put their devices and corporate data at risk.

mobile security
Credit: josh james
No data on the device

Data that never resides on the device cannot be lost, stolen or mishandled. First-generation mobile security solutions attempted to lock down the device as a means to protect data. Now we know that device management still leaves data vulnerable. Managing disparate mobile devices and operating systems can swamp IT departments with tasks that ultimately do not advance the organization’s security posture.

mobile security
No persistent sessions

Another way to thwart hackers is to limit the availability of your app’s attack surface. Make sure that attackers don’t have endless amounts of time to strategize paths to your IP.  By eliminating persistent sessions, you make it very difficult for an attacker to establish a beachhead in your organization.

mobile security
Enforceable policies for apps and access

One of the fastest and easiest first steps to gain control over mobile apps is to examine your policies. Every organization should have an easily enforceable policy covering employee access to mobile apps and the resources apps themselves access. For example, seasonal or temporary workers only need access to the apps specific to their tasks, not the entire network. Overreaching permissions from third-party apps should be monitored and controlled from IT, not by users.  

mobile security
Credit: Lori Greig
Use security SDKs to encrypt your data

Security SDKs are a great way to protect your data as well as the encryption keys that are used to protect that data. Anytime you can add a layer of security to protect your information, the harder it will be for hackers to access that information. While that may seem like common sense, many still fail to do this.

mobile security
Credit: m01229
Bake security into app development

Security is still separate from the app development process. Security must be baked into the entire development process, from the testing and quality assurance stage, through to production stage before it is submitted to an app store for approval. Failure to think holistically about security only increases the odds of something going wrong.

mobile security
Beware third-party repositories

Developers often insert third-party components such as file format parsing, networking and compression libraries into their programs. These modular components fit most programs like a glove and it would be pointless to write new ones every time a developer is writing another program. Developers picking components off the shelf must take the extra time to validate that every component they use is up to date and continue to do so after release.