Downloading Apps from the App Store Doesn’t Mean They’re Safe
Almost every business today allows employees to use their personal phones for business purposes, making those businesses vulnerable to security threats on those phones. Bring your own device (BYOD) policies often warn users to install only apps downloaded from trusted app stores or prohibit certain apps.
Unfortunately, stating a policy doesn’t guarantee that employees will adhere to it. One mobile security vendor’s survey found that in more than half of businesses, there’s at least one device that doesn’t comply with policies. Even if apps are only obtained from the official app stores, they may not be safe. Another security vendor found that all of the top 100 paid apps for Android had been hacked, and more than half of the top 100 on iOS.
App Exploits Steal Credentials and Data
Apps that are hacked and apps that are vulnerable can lead to security threats on the corporate networks they connect to. Malware such as XcodeGhost and KeyRaider can steal credentials and other information from infected iOS devices. The Gooligan malware on infected Android devices captures authentication tokens that can allow hackers to login to Google accounts without having to provide a password.
Other risks come from the way the apps are designed. Many apps store their data on the phone in clear text, including personally identifiable information such as usernames and passwords. Because people common use the same credentials across multiple applications, this could put employees’ work accounts at risk as well.
Take Steps to Protect Your Systems from Mobile Threats
In order to protect corporate systems from mobile dangers, implement a BYOD policy that defines employee obligations, such as installing antivirus software on their devices. You should also consider using mobile device management (MDM), mobile application management (MAM), or enterprise mobility management (EMM) software to implement other controls on user phones.
MDM, MAM, and EMM software let you enforce policies such as only allowing specific mobile devices to connect to your network, ensuring that devices automatically lock after idle periods, preventing unapproved apps from connecting to your servers, and encrypting any data stored locally on the device.
These mobile security solutions also allow you to require all connections to your network to be via a secure virtual private network (VPN), remotely erase corporate data from the device, and require users to update to the latest version of an app. Additionally, you can establish controls that restrict what individuals are allowed to do via their devices, so blanket bans don’t prevent users who need to accomplish work remotely from completing their tasks.
Mobile Security Begins with Understanding the Role of Mobile Devices at Work
Mobile security begins with understanding the work your employees need to accomplish via mobile devices so you can define and implement a policy that provides security without preventing work from getting done. Prescient Solutions can help you define your BYOD policy and implement the necessary security controls to protect your business while empowering employees. Contact us to learn how our experienced, certified professional team can help you securely integrate mobile devices into your business.