Do you read the agreement when downloading a mobile app, or do you just click “accept” like the rest of us? Mobile computing has become ubiquitous in our busy lives as work and leisure flow together seamlessly, and apps help us get more done.
But C-level execs, IT leaders and business owners need to pay close attention to the potential havoc that app security breaches can bring to organizations. These breaches, or cracks, have displayed themselves across the entire spectrum of what happens when corporate data is exposed and mixed with personal data – from full-on corporate takedowns, DDoS attacks and ransomware to the ‘oops’ moments. Remember, your infrastructure is only as secure as your weakest link, and mobile endpoints have become a soft target. These leaders also should take extra care to educate employees about this threat.
Years ago (2014 to be exact), the top gaming app was “Kim Kardashian: Hollywood,” and the Environmental Protection Agency’s Office of Water got into hot liquid when an employee failed to log out of an official Twitter account before playing the gaming app. The result was a tweet to 52,000 followers of the EPA office that said, “I’m now a C-List celebrity in Kim Kardashian: Hollywood. Come join me and become famous too by playing on iPhone!”
While not a full-on security breach, the agency got an F for the incident, which underscores the blurry lines between work and life.
We Are the Problem
A recent Tech Pro Research survey of IT execs and workers showed that 45% felt that mobile devices were a weak spot in their company’s security defenses. Other triggers included employee data (37%), wireless access of networks (34%), and BYOD policies (29%).
Think about it: we have more computing power in our hands than what was used to send men into outer space and to the moon. Our financial lives, the answer to any question (whether weighty or trivial) and the ability to communicate around the corner or around the world are powerful lures for users – and for people who seek to exploit weaknesses in technology networks and human nature.
An earlier Tech Pro Research study showed that only 12% of companies had been affected by a mobile security breach, which means there still is time to get a handle on the issue. Although Android devices are thought to be a greater mobile threat, attacks on Apple phones have been increasing.
“Yes, mobile devices can be a problem, but like most things in the security world, the issue isn’t necessarily the smartphone, tablet or laptop,” according to the authors of a recent Harvard Business Review article on mobile security. “The problem is us. The solution is following security best practices, protecting corporate data and educating humans — the real weakest link.”
We Also Are the Solution
Companies large and small should be paying attention to the security of the mobile apps their employees use. The IT folks often focus on firewalls, permissions and the security of the app's access to sensitive company, client and user information that’s stored on company servers or in the cloud. And those are all important considerations.
Security should be part of the design phase of the software itself.
· Should sensitive information be stored on the device?
· If so, how should it be stored?
· Should you allow third-party apps to interact/share data with your app?
· Is the transported data secure, or can someone fake a call to the server as though it's coming from a device?
Moreover, it’s imperative that companies also consider the human aspects of app usage. If your company has a BYOD policy, what protections are in place, beyond software app design, to separate corporate usage from personal usage on the same device? Is enterprise mobility management (EMM) an answer?
While it’s easy to say that more employee training is needed, how can IT execs convey the security message in a way that cuts through the noise and clutter of workers’ busy lives?
Be innovative. Be fun. But stress the importance of mobile device security as well as mobile app security to your workers every chance you get.