As we move from the world of PCs to smart devices, we find that these devices are yet to be taken seriously by individuals and organizations. There is a tendency to think of smartphones as phones that can do other things, instead of as powerful computers in your hand. It is important that your organization’s IT team recognizes the potential vulnerabilities and threats that the organization could face through unsecured mobile devices and understands that there is a need for solutions to ensure security.
With BYOD becoming commonplace, a major share of the smartphones used for business purposes are owned by individuals instead of organizations. These devices could potentially become easy targets for cyber-attackers, making it difficult for your IT team to secure data residing on enterprise systems. It is therefore imperative for enterprises to ensure the security of employees’ mobile devices and the apps installed on those devices.
Rethinking security of mobile applications necessitates stricter regulations in terms of disk-encryption and malware protection. Let us explore a few vulnerabilities specific to mobile apps and look at some ways to protect against them.
- Growing interest in hacking mobile devices - Hackers are always looking for ways to infiltrate organizations, and are slowly realizing that exploiting vulnerabilities in mobile device security is easier than attacking traditional targets.
- Lower security levels - It is generally agreed that Android devices are more vulnerable than iOS devices, with Windows devices lying somewhere in between. Compared to PCs, mobile devices still have a long way to go in terms of security.
- App vulnerabilities - While apps are great, and tremendously improve the functions that your mobile can perform, app stores across mobile operating systems leave a lot to be desired in terms of app security verification. For example, Kaspersky Labs estimates that one in five users don’t adequately vet an app, or its permission requests, before installing. Additionally, bugs or vulnerabilities in the underlying code become targets for mobile malware.
- Device security - Ensure that employees protect their phones with more than just swipe access. Let them know that codes, passwords, and even fingerprint scanning are better ways to protect their devices and company data. Enterprises should also assess the security of employee devices by checking for rooting or jailbreaking, rogue applications, and compromised environments.
- Secure code - Empower your developers with tools capable of identifying vulnerabilities in the underlying code of enterprise apps. Protect enterprise apps against reverse engineering and tampering.
- Data security - Ensure security of enterprise data by encrypting mobile data, and equip your security team with remote wipe capabilities to address security issues related to lost devices.
- Secure transactions - Restrict employees’ mobile access to enterprise services and the capability to execute mobile transactions on behalf of the enterprise based on risk factors such as device security, employee location, network and so on.
Mobile devices are the new frontier for cyber wars, with hackers trying to break in, and security teams trying to keep them out. Ensuring security in the BYOD era requires organizations to assess the impact of mobility on their business risk profile. Employing cyber security services can help organizations tackle the entire range of security needs in a single go, including tackling employee device safety and security, along with access control and network security. Complementing cyber security services and solutions with employee education, and laying down policies specific to mobile devices, will help organizations to protect against mobile app vulnerabilities.
The author is CEO, Infrastructure Management Services and Security Business at Happiest Minds
Disclaimer: This article is published as part of the IDG Contributor Network. The views expressed in this article are solely those of the contributing authors and not of IDG Media and its editor(s)