The security threat of BYOD and unvetted mobile apps
by Suhail Nanji, Area Director, Southeast Region, SMLR Group
It’s likely happening in your organization, whether you have an official policy or not. Employees are probably running software applications on their own mobile devices or employer-issued devices to access company information. If you don’t have an official policy outlining usage guidelines for mobile apps or the appropriate security measures in place, your company is probably at high risk for a data breach.
What’s the big deal?
The problem with mobile apps is that many of them gather information and share it across platforms. If, for example, an employee uses a mobile app on an employer-issued device and inadvertently grants that app permission to access the contact list, your company’s data would be exposed. Other apps share calendar data, location (GPS) data and more that can also compromise confidentiality.
Finding a way around the problem
The best way to mitigate risk and ensure safety is not to ignore the problem. If you don’t grant employees permission to use mobile apps, they’re likely to find a workaround that feels more productive anyway, and leave your company exposed. Vetting mobile apps helps educate employees about the risks and ensures the organization’s security is top notch.
No matter how detailed a process your organization develops, it should include two primary steps, as outlined by NIST:
- Testing the app.
- Approving or rejecting the app.
The nitty gritty
Provide employees with a guide for requesting the use of a specific app. Create a committee of analysts that will vet the app, investigating its tools, services, data collection and so forth, and then have the committee submit a report to an auditor. The auditor should have the insight and industry knowledge to bring all of the information together and make a recommendation to the next level, taking into consideration the vulnerability of the app and the activities for which employees would use it. The final point of contact should either approve or reject the use of the app, weighing the risks and security requirements against the productivity gains the employees will see from adopting it.
With such a plan in place, organizations can avoid the haphazard adoption of mobile apps for the sake of making work a little easier, without regard for the effects it will have on security organization-wide.
SMLR is happy to advise SMBs on creating organizational policies that will help guide safe mobile app usage. The first step involves developing specific criteria for vetting mobile apps, identifying security requirements within the context of each app, and then creating organizational requirements for optimal security. Just give us a call to get started, and we’ll walk you through the steps for mitigating data breaches when it comes to policies for mobile apps, email, passwords and more. Our experts have keen industry insight as well as technology expertise. This unparalleled marriage of cyberinsurance and technology advancements will help position your organization for success in the digital age.