Secure your organization against risky mobile habits

Across Asia, mobile apps are playing a pivotal role in disrupting industries and changing how we consume, acquire, and pay for services. While digital transformation does not simply mean developing an app, brands that wish to strengthen their customer experience have made mobile apps the centerpiece of their digitalization efforts. Coming fresh off the holidays—from Christmas to Lunar New Year—there is no better time to take an introspective look at how cavalier our attitudes towards mobile apps have become and how they impact the enterprise.

Bring Your Own Device (BYOD) has become a global phenomenon and has made the mobile workforce a reality across Asia. Whether employees use work-assigned or personal devices, the perk of a smartphone used for both work and play is a convenience that most people take for granted.

However, our easy access to apps on our mobile devices has engendered in us, as users, a complacency that has dovetailed into some very bad habits we bring into the workplace. These risky behaviors include recycling passwords across personal and business accounts, side-loading apps on our phones from the internet, or even doing something seemingly innocuous like using free Wi-Fi at a nearby café. The list is a long one.

So, what if my data is compromised?

On the flip side, these behaviors also demonstrate that while users say they value their data privacy and security, the reality is that most users show a callous disregard for their data. A clear example is user attitudes towards Facebook. While public outrage at Facebook’s privacy scandals may have been increasingly loud in recent years, it has not slowed down user activity on the platform. In fact, as of January 2019, user numbers in the US continued to hold steady, while user numbers have increased in Asia.

As 5G descends upon Asia, the combined factors of high availability of app services on the cloud, the speed and volume of data flow, and the flexibility of access from almost any device mean that our bad habits will increase the pressure on our cybersecurity infrastructure.

Guard your organization’s app and data access

Unfortunately, not all organizations today have dedicated budgets allocated for mobile app security. If your organization is like most, these new realities place mobility—and mobile security—near the top of your list of concerns. There are ways to build and adjust access policies predicated on identity, context, and environment to control and differentiate remote and mobile user access.

Here are some ways you can do this:

  1. Establish a clear access policy—This helps ensure devices in your organization comply with corporate security policies by barring all network access until they are compliant. This measure also protects your apps, data, and network resources from any cyber threats that come your way. In the event of workplace relocation or expansion, organizations would also need to ensure that their policies will allow employees to access the relevant platforms across new locations.
  2. Assess device integrity—Organizations should check the security posture of the devices in use, check for the presence of malware, look for indicators of compromise, and control the flow of data based on the results.
  3. Validate, validate, validate—Organizations would do well to perform validations across mobile apps, the servers they are communicating with, and the mobile devices themselves. Spoofing has become increasingly problematic as it is often used to impersonate an app, device, user, or even a server. You want to be sure the mobile apps used in your organization are communicating with legitimate servers and not spoofed servers.

    Also consider deploying solutions that enable you to identify phishing attacks before they are launched—at the point where attackers are creating and spoofing domains. Your servers should also validate that the mobile applications in use have not been tampered with. In Singapore, ride-hailing company Grab discovered that some drivers were using fake Grab apps that had been reverse engineered to perform unlimited cancelations without penalties.

    And finally, your servers should validate the integrity of your connected devices to look for indicators of compromise like jailbroken phones or the presence of malware.
  4. Guard against automated attempts—Ensure you deploy a robust application firewall to fend off automated attempts by bots and other automated attack vectors. Automation has been used by fraudsters to scale their operations, so organizations would do well to guard their mobile endpoints against these risks.
  5. Encrypt—Protect your organization’s app data in all three of its states. Encrypt your data at rest (when stored in the app), in transit (when sent to servers), and when data is in use.
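
The server-side decision that items 1 to 3 describe can be sketched as follows. This is an added example, not code from the article or any vendor: the field names, the allowlist digest and the three decision levels are hypothetical, and the device and app fields are assumed to arrive from a verified MDM or attestation service rather than being self-reported by the app.

```python
import hmac
from dataclasses import dataclass

# Constructed allowlist: SHA-256 digests of the certificates that sign released builds.
TRUSTED_APP_SIGNERS = {"a3f1" * 16}

@dataclass(frozen=True)
class AccessRequest:
    user_authenticated: bool   # identity
    device_compliant: bool     # item 1: meets corporate security policy
    jailbroken: bool           # items 2-3: indicators of compromise
    malware_detected: bool
    app_signer_sha256: str     # item 3: has the app been tampered with?
    network: str               # environment, e.g. "corporate" or "public_wifi"

def app_is_genuine(digest: str) -> bool:
    # A repackaged app is signed with a different certificate.
    return any(hmac.compare_digest(digest.encode(), t.encode())
               for t in TRUSTED_APP_SIGNERS)

def decide(req: AccessRequest) -> tuple[str, list[str]]:
    """Return ('deny' | 'limited' | 'full', reasons)."""
    checks = [
        (req.user_authenticated, "user not authenticated"),
        (req.device_compliant, "device not compliant with policy"),
        (not req.jailbroken, "device is jailbroken"),
        (not req.malware_detected, "malware detected"),
        (app_is_genuine(req.app_signer_sha256), "app signature not recognised"),
    ]
    reasons = [why for ok, why in checks if not ok]
    if reasons:
        return "deny", reasons           # bar all access until compliant
    if req.network != "corporate":       # unknown networks are treated as untrusted
        return "limited", [f"untrusted network: {req.network}"]
    return "full", []

# Constructed sample requests.
GOOD = AccessRequest(True, True, False, False, "a3f1" * 16, "corporate")
CAFE = AccessRequest(True, True, False, False, "a3f1" * 16, "public_wifi")
FAKE_APP = AccessRequest(True, True, True, False, "0" * 64, "corporate")

if __name__ == "__main__":
    for name, req in [("good", GOOD), ("cafe", CAFE), ("fake app", FAKE_APP)]:
        print(name, decide(req))
```

Returning every failed check, rather than stopping at the first, gives the help desk and the audit log the full reason a device was refused.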

These are just some factors to consider as part of your mobile security strategy. Of course, there is no better salve than to constantly remind users to re-examine their mobile usage habits and begin the new decade with a fresh (and secure) slate.