Application security, Endpoint/Device Security

Here’s how to bridge the mobile app security gap

Mobile App Security

Mobile apps have shaped one of the gravity centers in today’s business world. From streamlining communication and collaboration to enhancing productivity and efficiency, these applications offer numerous benefits. However, alongside the advantages lie inherent risks.

The increased reliance on mobile apps in corporate environments combined with lax employee cybersecurity practices in some cases has put them in the crosshairs of the threat actors. According to Verizon, 45% of organizations experienced a compromise involving a mobile device last year. More than half of employees admit to using unauthorized apps for work purposes, says another study.

Although these statistics paint a sobering reality, several strategies can help companies emerge unscathed. Let’s highlight seven steps to strike a balance between seamless mobile experience and safety in corporate environments.

Step 1: Vet the apps

Organizations must adopt a discerning approach to app selection. This requires a deep dive into the application’s security protocols, functionality, and data privacy practices. Scrutinize app permissions, encryption standards, data retention policies, and the developer’s reputation. Prioritize trusted marketplaces such as Google Play Store and the Apple App Store, where apps undergo rigorous review and malware scanning. By limiting app installations to a carefully curated whitelist, the company minimizes the risk of malicious or unauthorized software infiltrating its network.

Step 2: Encrypt data

Implement industry-standard encryption to safeguard all data stored on mobile devices and transmitted through apps. This shields sensitive information even in the event of a device loss or breach. Encrypting data-in-transit has become a go-to technique to thwart man-in-the-middle (MITM) and traffic sniffing attacks that potentially entail serious ramifications for corporate networks. Use a reliable VPN service to stop such abuse in its tracks.

Step 3: Manage devices with MDM

Mobile devices used for organizational purposes require a watchful eye, especially in an era where digital governance is increasingly prevalent. Using a mobile device management (MDM) product lets the company  enforce security policies, monitor device usage patterns, and remotely wipe data if the device gets lost or stolen. MDM policies should extend beyond the basics, encompassing elements such as encryption, multi-factor authentication, and a commitment to timely security updates.

Step 4: Verify with MFA and DLP

Impactful cyberattacks can start with a single compromised account. This was reportedly the case with the massive breach of Ukraine’s major mobile carrier Kyivstar, which unfolded last December and brought down mobile connectivity for roughly half of the country for days. This recent incident underpinned the importance of proper employee verification.

Password management and multi-factor authentication serve as additional layers of defense that can fend off such exploitation. A data loss prevention (DLP) system can take it a step further. It foils unauthorized data sharing and downloading, thereby keeping sensitive information within designated channels.

Step 5: Collaborate between the app developers and corporate IT

The onus of mobile application security isn’t solely on end-users. It extends to the developers creating these programs. Collaborative efforts between the corporate IT team and app creators are crucial to ensuring DevSecOps. For example, if the organization considers adopting an enterprisewide QR code generator, it’s a good idea to ascertain that the product is GDPR and SOC 2 compliant and discuss it with the developers upfront. Put regular updates and patches on the checklist as well. The symbiotic relationship between companies and app makers can help create a robust defense against evolving cyber threats.

Step 6: Develop and communicate an incident response plan

In the event of a security breach, a well-defined incident response plan becomes the main stepping stone to recovery. Swift and coordinated action helps mitigate the impact of the attack and prevent further compromise. Establish clear communication channels and protocols for reporting suspicious activities related to mobile applications. This ensures that responses are not only timely, but also well-informed.

Step 7: Educate the staff on how to spot security holes

Technology alone is not enough. As the human element remains a prominent factor in security breaches, it’s become very important to train employees on responsible app usage, phishing awareness, and ways to report dubious activity.

By prioritizing security and taking proactive steps to mitigate risk, businesses can leverage the full potential of mobile apps to achieve KPIs and complete important tasks on-the-go without exposing data to malicious actors. Corporate security requires a holistic approach, so make protecting the mobile ecosystem an important building block of this strategy.

David Balaban, owner, Privacy-PC

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.