You’ve equipped your workforce with mobile apps, but you might have created a new problem. It’s not what you think; we’re not talking about your staff becoming hooked on social media or games. It’s a far more severe threat to your company: mobile app security.
How Mobile Devices Became Critical to Modern Business
The rise of the iPhone and Android phones has brought a revolution to IT departments. It’s no longer enough to demand all employees use company-issued apps. Instead, employees are demanding the right to use their own devices at work. Over 50% of American companies already allow employees to bring their own devices to work. Balancing employees’ demands to use their own devices with corporate security needs remains a major challenge.
What Are the Major Issues in Mobile App Security?
To choose the right mix of solutions, we need to take a step back and look at the key issues in mobile app security. Here are some of the main issues we see in the market:
- Physical device access: Smaller devices are easier to lose from a purse or pocket. We’ve all seen friends put a mobile phone down on a table at a restaurant. If the device is left there, it may fall into the wrong hands. With physical access to a device, the odds of a successful hack only go up.
- Unpredictable law enforcement activities: Some agencies and officers, especially at border crossings, are demanding access to mobile devices. Unfortunately, these inspections sometimes include making copies of device data for further analysis. This poses a security and confidentiality concern for companies because it’s unclear how company data will be secured and managed.
- Login and authentication challenges: What happens if the mobile device is compromised? An employee might download a game or other app with security vulnerabilities. Once an attacker has access to the device, login protection is critical.
How Can You Fix Mobile App Security?
Fixing mobile app security requires multiple techniques. We recommend using all these methods to reduce your risk exposure quickly.
- Implement Single Sign-On for Mobile Apps
Bringing Single Sign-On (SSO) to mobile apps is a fast way to improve mobile security. Unlike other approaches, this solution makes security easier to manage for employees. How? It means that they only have one password to memorize for access to your corporate assets. Once you have this simplification in place, you can improve your password quality.
To support your staff, find out how to develop password training for employees. Remember that most of your employees probably don’t think about password issues that often.
- Eliminate Unused Access Credentials for All Apps
What happens if a former employee forgets to delete corporate apps from his or her phone? There’s an increased risk of data loss. To reduce this risk exposure, IT needs a robust process to eliminate unused access credentials. We recommend IT partner with human resources to identify and remove unused IDs. If your organization has high turnover rates, ask your people managers to complete a monthly review of all user IDs used in their department. With that review process in place, your risk exposure will be reduced.
- Make Password Resets Easy for Employees
When you come back to the office after a vacation, what happens? If you’re like us, you probably struggle to remember all your corporate passwords. If you don’t provide tools and support, employees may engage in high-risk behaviors such as writing down passwords on a sticky note and attaching it to the back of a mobile device.
Inspecting all employee mobile devices for such behavior isn’t a solution. Instead, you need to make passwords easier for employees to manage. Instead of forcing staff to call a help desk, wait on hold, and admit they’ve forgotten a password, you need a fast self-serve solution. To make that happen, we recommend using Password Management. With self-serve password resets in place, employees don’t have to worry about being embarrassed about forgetting their passwords. Even better, your IT help desk will have more capacity freed up to work on more significant issues.
- Implement Multi-Factor Authentication for Mobile Apps
When you rely upon a single password for security, you make life easy for hackers. Instead, implement a multi-factor authentication (MFA) process to protect mobile devices. With this approach, users need to use two or more forms of authentication. For example, you might require them to enter a password and receive a code via text message. Alternatively, some MFA systems use biometric identification such as fingerprints to confirm identity.
Resource: Building a business case for MFA doesn’t have to be hard. If you have risk-averse senior management, take note of the fact that multiple large corporations have already adopted MFA. Failing to adopt MFA for employees and customers means you’re falling behind.
- Conduct Cybersecurity Testing on Mobile Devices
Proactive cybersecurity tests are the final strategy you can use to find problems. For example, you can engage a security consultant to conduct penetration testing on your mobile apps. Alternatively, you can carry out periodic random physical checks of all company-owned smartphones. This proactive testing approach is helpful in surfacing problems that may not be captured through your monitoring process.
If you have a large cybersecurity department, you may be able to carry out this testing internally. Otherwise, seeking an outside specialist is the best approach. In either approach, make sure you set aside time and resources to act on the recommendations. The testing has no value if management isn’t committed to working on closing the gaps.
Integrate Your Mobile App Security into Business as Usual
After you implement these strategies, we recommend assessing and managing mobile apps as a regular part of your infrastructure. That means your annual training, testing, and reports should all be updated to include coverage of mobile apps. Without that approach, mobile app security will only be approved on a project basis.
