entrust IT Blog

Are your apps a security risk?

Written by Tom Dodd | Oct 26, 2016 2:21:07 PM

Do you own a work phone? Do you install apps onto it? If you answered yes to both of those questions, you’re not alone. Apps are such a vital part of our lives on our smartphones now that if you didn’t use apps on your work phone then chances are you can’t actually do your work.

But could those apps pose a security risk?

Jon Huberman, chief executive of file sharing company Syncplicity seems to think so. “If the enterprise doesn’t provide the users with the tools they expect to do the job, they’ll find the tools themselves” he says, “It’s a huge issue for the company – data leakage is a big problem.”

Perhaps you use Dropbox to store work files and have the app installed on your phone. If your device was stolen, how easy would it be for someone to get into your Dropbox account?

Maybe you have installed Instagram or Twitter on your phone. These two applications hoover up data such as email addresses, phone numbers and full names from your phonebook. Or perhaps you use WhatsApp, which now shares data with Facebook in order to send you targeted advertising.

There is also the risk of apps infested with malware. This is generally more of a risk on Android devices, as open source apps are easier to install on Android devices, via a process called sideloading. A recent study found as many as 10 million Android phones were infected with some form of Malware.

For many, the worst a phone hacker can do is get hold of your text messages or your selfie collection. But for some, the data stored on your phone could be extremely damaging if it fell into the wrong hands.

What practical steps can you take to protect yourself and your company?

Firstly, it is important that corporate IT managers have some sort of idea of the sort of apps you’re installing on work devices. Those IT managers must also make it clear to staff what data can and cannot be shared with third-party apps and should provide staff with the necessary tools they require to do their job, so that they aren’t tempted to look elsewhere (Microsoft SharePoint is a more secure alternative to Dropbox for example). Finally, educate your staff to identify risky behaviour and particularly how they avoid falling victim to phishing emails.

By putting these points into practice, you can avoid a damaging security breach in your workplace.