Mobile applications can greatly increase productivity in the workplace. Famous apps like Slack makes teamwork easy, allowing tasks and communications to be performed easily. Whatsapp, Line, and other apps are also popular and offer encrypted chat features. So, what is the concern with controlling data leakage from apps?
Well, the issue is that on the surface it is very hard to tell exactly what information an app maybe transmitting without encryption, or uploading to a server that could be physically located anywhere in the world. As many countries have far more relaxed data protection rules than the US or EU, this raises some concerns.
After all, you want your company data to be secure. The last thing a company needs is that information reaching the hands of competitors, or worse … shared openly on the web, destroying the company brand and consumer confidence.
So, here we’ll look at the issue of app security in more detail, as well as at how it can be controlled.
What Security Issues Can Apps Cause?
While this isn’t a full list, as new issues and apps develop daily, here are a few of the key problems with using mobile apps. This is especially true with chat apps and high-permission apps that have access to almost everything on a mobile device.
- App Security Weakness – Apps are made by developers, and just as websites get hacked and have security issues from human errors, so do apps. A fairly recent high profile event concerning this type of issue is the Whatsapp app containing a backdoor that gave hackers access to devices (this issue has since been resolved).
- File Sharing – Chat apps, P2P, email and cloud storage offer this feature and employees often use them to share company documents. However, the receivers device or even the cloud storage can become compromised.
- Chat Apps – Apart from file shares, customer information can be communicated in ways that breach data protection laws.
- Cloud Storage – Employees will often use this to back up their files, or to allow them to work at home. However, it opens up more risks of company data being accessed by someone that shouldn’t have access.
- Teamwork Apps – These are incredible for aiding productivity and communication in the workplace, but also need to be treated carefully and fully assessed. If there is a client-side level to communications in the app, even stricter rules and systems need to be in place to prevent data breaches.
There are of course many other data breach possibilities, but this highlight some common ways in which employees tend to use mobile devices at work. They are useful and can be good for productivity, but with serious data protection laws like GDPR, they also open up the company to possible penalties, loss of business and even bankruptcy.
How to Prevent Data Leakage Through Apps
The first step would be to implement a secure MDM setup (Mobile Device Management). This allows companies to restrict usage of unsecured apps, monitor what is used, see file transfers and more. MDM also allows for the remote wiping of a device, if it were to be lost.
However, with secure and encrypted chat apps and file sharing, it can also be difficult to know exactly what is transmitted. An MDM setup helps, but it needs to be used in conjunction with effective company policies regarding the use of data on mobile devices, what is not permitted to be transmitted, and the resulting penalties or consequences of such actions. Most data breaches are not maliciously caused by employees, instead the malicious party gains access due to the error of an untrained employee. Training combined with MDM is the best defense to mobile data leaks.