Many businesses utilize smart phones and tablets to conduct business on the go. However, many do not have a formal mobile device policy on what mobile apps can be downloaded on company devices. This can leave businesses vulnerable to cybersecurity attacks from mobile devices.
ARMA’s Information Management Magazine recently published an article on “Unsecured Mobile Apps Are Putting Organizations at Risk” where they reported mobile malware infection has increased to over 16 million infected devices in 2014.
Why are mobile apps such a cybersecurity risk? ARMA also goes on to cite recent research by the Ponemon Institute on behalf of IBM that found the following six reasons:
- In the rush to release new apps, the apps are released with vulnerabilities hackers can exploit.
- Most apps are not tested or infrequently tested.
- Malware infections are increasing because of the lack of business resource to combat infections.
- Not enough money is allocated to securing mobile apps. Of the average $34 million used to develop an app only $2.2 million, or 5.5% is allocated to security.
- Most businesses do not have in-house mobile security expertise.
- Most businesses do not have polices that define what is acceptable use of mobile apps on business devices. This puts the business at risk for data breaches, ransom ware (thieves hold your business information hostage until a ransom is paid) and denial of service attacks and much more.
What can your business do to combat malware from mobile apps? Here are some next steps:
- Ask yourself, does your business have a policy on mobile device use? No? Then, now is a great time to formally document a policy regarding acceptable use of mobile devices including appropriate mobile apps to download.
- Do you want individuals to self-monitor, or will you have your IT department bless new mobile app downloads. Both strategies have their pluses and minuses. With self-monitoring you give individuals the freedom to choose which apps are most likely trustworthy apps, but you may have the risk that a less than technical person may download the one app that cripples your business. On the other hand if you have mobile apps only available from the IT department, you can create a bottleneck and inhibit business agility.
- Train employees on proper cyber security procedures regularly. Include mobile app choices in your cyber security training.
- Audit compliance with business policies regularly.
Nitza Medina-Garcia, Certified Records Manager, Records and Information Management Consultant
Contact us today ! Let us help you create strategies to protect your business information.