How to keep your business secure when employees use their own mobile devices and install unmonitored apps on them for work.
Today, smartphones are everywhere. They are used for work every single day. Using a smartphone or personal laptop can boost productivity, but this unmonitored mobile technology also presents a threat to your business security.
More than a third of the UK population now either work from home or undertake hybrid working. As a result, the notion of ‘Bring Your Own Device’ (BYOD) has rapidly grown in popularity. The lines between personal and professional are blurred, and employees use their own personal devices to carry out their work daily.
With BYOD, an employee owns the device, but the business owns the corporate data stored on it. There are clear advantages to allowing your employees to use their own devices for work, but it’s important to consider the risks to your data from third-party applications that the employee may choose to download to their device.
What is a third-party app?
A third-party app is a software application made by someone other than the manufacturer of the mobile device or its operating system.
All modern smartphones and devices support third-party applications. Most can be downloaded from online marketplaces such as the App Store on iOS or Google Play on Android.
Today, more people are cyber-security aware. They wouldn’t dream of downloading an email attachment from a stranger, but they would download an app without considering the consequences.
Third-party app developers must follow strict criteria. Online marketplaces also vet the software for malicious code, but there is still a chance risky apps will go undetected.
Just last month, it was reported that 36 apps containing malware and adware were available to download on the Google Play Store. To trick users into downloading them, the apps posed as virtual keyboards, system optimisers, or wallpaper changers. One app presented as image-editing software but was designed to steal people’s Facebook credentials. The application had over 1 million downloads.
These insecure applications leave doors wide open to cyber criminals.
What are the risks of a third-party app?
Third-party applications can typically read and/or modify some or all of the user’s data on that device. They can also gain access to the camera, device location, and contacts. While this functionality might not necessarily be malicious, these applications could be potential sources of leakage of sensitive company data.
Once an application has been given access rights, it can be difficult to trace how data on the phone has been handled. Some apps sync information to other cloud services. Again, whilst not inherently dangerous, these services can be beyond the scope of your control. Other apps are deliberately malicious. They contain viruses and malware designed to seek out personal information such as passwords or bank details.
There are ways you can help people avoid downloading a malicious app. Read on to find out more.
Secure mobile app strategies for employees
Blacklisting apps
If your employees use their own devices for work, it is wise to blacklist potentially dangerous apps and prohibit their use by employees. Once you’ve created your blacklist, you should share it with your entire workforce.
Employ password-protection
If you employ BYOD, you must consider password protection. Smartphones can be lost or stolen easily. If they contain company information or sensitive data, they pose a risk to your business if they get into the wrong hands.
If the passwords on the device are weak, or non-existent, the person who comes across the phone can easily access this information.
Strong passwords give the owner enough time to report the problem and take appropriate measures to secure their systems.
Regularly update the device OS and all applications
New vulnerabilities and malicious exploits are revealed daily, so updating all the software on mobile devices that have any connections to your organisation is vital.
Keeping apps up to date not only ensures users have access to the latest features but also improves app security and stability.
Employee training
When it comes to risks introduced by downloaded apps, it’s important for employees to understand the potential for damage.
The efficacy of cyber-attacks can be substantially reduced if employees have undergone appropriate training and been taught best practices.
Regular education and awareness training will help equip people with the skills and knowledge to spot the signs of risk, avoid downloading a malicious app, and know how to act if a security breach occurs.
The takeaway
The blurring of the line between business and personal devices can make security management a challenge. While it may not be possible to force updates or lock down devices, understanding the risks that mobile devices pose to your business security is vital.
To ensure a BYOD approach can be sustained for the long term, it is likely that businesses will need to introduce policies and review their practices to mitigate security risks and keep their data secure.
By undertaking a security audit or cyber-security awareness training, you’ll be able to more effectively manage risks associated with third-party applications.
If you need assistance in doing any of these things, please enquire today.