More and more companies are embracing ‘work from anywhere’ and ‘bring your own device’ policies to reduce operating costs, boost productivity and give employees the opportunity to work in a way that makes sense to them.
But while mobile devices are a great for working on the go, they could be putting your business at risk of cyberattack. This article will cover the threat hackers pose to your organization and how mobile application security can help insulate you against digital intrusion.
Do You Trust This Download?
There are basically two types of dangerous mobile apps: fraudulent applications and legitimate applications with excessive permission requirements.
The first category is easy to understand, but a little more difficult to spot. Consumers and employees mistakenly believe that if an application is available through Google Play or the Apple App Store, that is inherently safe and was properly vetted; but this couldn’t be further from the truth.
For example, researchers at Georgia Tech were able to circumvent App Store security checks and release a malicious app known as Jekyll. The App Store review process lasted only a few seconds before releasing the malware program to the public.
But you can just check the comments section or star rating to see if the app is reliable, right? Well, not exactly. Hackers and cybercriminals are pretty clever folks. They understand how the average web user behaves and what steps people take (or don’t take) to verify the legitimacy of their applications.
It’s incredibly easy for hackers to produce hundreds or even thousands of phony reviews. Similarly, it is simple enough to create a deceptive icon or app name to trick users into downloading a harmful program.
Take Microsoft Excel for example; if you look for this popular business application in your search results, you will find dozens of applications with the iconic green X logo. But how many are legitimate? Can you avoid the imposters by paying for the download?
Bloggers at HowToGeek point out how the seemingly trustworthy “Office Bundle” application, the most popular result the Mac App Store, is nothing more than a collection of templates, “all of which are useless without Microsoft Office.” To add insult to injury, the app cost $30!
But it’s not just sham and imitator apps that can harm your business network; even genuine mobile apps can open new risks and vulnerabilities.
“Making an app purchase may expose personal contact information,” writes MakeUseOf reporter Kannon Yamada. “Including one’s name, physical address and email address, to developers.”
Similarly, apps may require users to authenticate accounts, reveal sensitive login data and share their contacts. This is bad news for businesses because it means that an employee could unwittingly expose important passwords, keystrokes and coworker/customer contact information. Yikes!
How to Avoid Bad Apps
Now, our goal is not to sour you on apps (not that we could, apps are far too prevalent and convenient), but rather to educate readers about making smarter decisions. Below you will find several helpful tips for improving mobile application security across your organization.
- Educate your employees about the risks of bad apps.
- Give your employees a list of approved apps; and ask them to discuss unapproved apps they are considering using with your IT department.
- Tell employees what to look out for; after all, a flashlight app does not need access to your microphone or contacts.
- Advise employees to visit an actual website or service for app downloads rather than blindly trusting what’s popular in the app store.
While these tips will greatly improve your mobile application security, it’s important to remember that hackers only need one point of entry to do damage to your business network. Stay aware, stay suspicious and stay safe.