Your company, like most these days, is probably benefiting greatly from the new flexibility and mobility of your employees. They can be connected virtually 24/7, and the lines between work and personal time are blurred. There is good and bad to this, but there is no disputing that the opportunity for increased productivity is good for your company.
This increased productivity is largely facilitated by mobile devices – smartphones and tablets. Aside from the obvious risks associated with remote access using such devices, you could be overlooking risks from innocuous-seeming apps that your employees have downloaded to their devices. If you have not helped your employees understand how to avoid the dangers of rogue or sideloaded apps, they could be putting your company and themselves at great risk of a data breach.
Android phones are sometimes perceived to be more vulnerable than Apple devices but, in reality, they all have vulnerabilities. Android apps are submitted to automated scans before they are accepted for sale to Android users, whereas Apple performs a rigorous manual approval process. Even with a detailed approval process, Apple devices are far from immune to the dangers of malicious, dangerous, or poorly coded applications. The common practice of “jailbreaking” an iPhone, in particular, exposes the phone to risks that the factory settings were put in place to mitigate. If your company does not have a clear policy prohibiting access to your data or network from such a compromised device, you may be surprised to learn how many employees are putting your company at risk.
If an app is not offered in your phone’s App Store, consider this a warning sign. Downloading an app that has not at least been reviewed is very risky. Other warning signs to beware of include:
Bad User Reviews
It is important to really read the reviews left by other users of the app. The averaged, numerical or star-based rating may hide negative reviews by knowledgeable users who have seen something dangerous in the app.
Bad Grammar in the Description
Typos happen. But when you see an app’s description that was clearly written by someone not fluent in English or versed in basic professionalism, steer clear of their app.
Does that mini golf app really need access to your contact list or SMS features? Likely not. This is a warning sign. This pertains especially to free apps. If the app is offered to users free and makes money running ads, be very careful what data you allow this app to access from your phone. It could simply be an innocent (but still morally questionable) data grab for marketing research or retargeting. Or it could be a blatant, malicious ploy to access your data for criminal purposes by the app developer or one of their advertisers.
Taking time to update apps when the App Store’s app indicates there are updates available is a hassle. It takes time and it’s just not something we think about. I just looked and there were 38 updates waiting for me to accept. But it is important to stay on top of these updates as they may contain important security improvements or fix an issue that has been discovered and could put your data at risk.
Mobile Apps: October Security Tip