Data leakage through mobile apps

in Advisory, 22.06.2015

An everyday situation: while installing a mobile app it asks permission to various parts of your smartphone. Without permission, there is no functioning app… What do you do? You deny the requested access? If yes, then you belong to a (probably small) group of critical users. Most people are in fact likely to accept the request. Even without reading the conditions anyway… Among the permissions, there is access granted to the microphone, camera, photos, contacts and email. A decision that is not without risks as “mobile devices” often also have access to company data. So why permission is granted so easily?

Business and private use overlap

In recent years there has been a steady rise of the use of mobile devices such as smartphones and tablets in our daily activities. Personal mobile devices have found their way into the business environment. This relatively new technique has been introduced by end users in the organization rather than from the organization to the end users.

This origin makes it that the tablet is seen as a private device, which also is used for business data. The company laptop, as a contrast, is seen as a business device that is sometimes used for private purposes.

Although end-user mobile devices and laptops now appear as different types of devices, they are sometimes used for overlapping purposes.

Information security threats

As smartphones and tablets are mostly used for the same purposes as a laptop, and therefor mobile devices are in fact subject to the same information security threats. Therefore they should actually meet the same information security criteria. For example when it comes to encryption of confidential data, installing unknown software or visiting unsafe sites. Nevertheless, the security awareness seems to be low when it comes to be aware of malicious apps that have access to corporate data.

Risks to business data

Cybercrime is constantly taking new forms. Hackers recently obtained through a coffee company app access to reward accounts and thus to banking and credit card information. Reward funds were reloaded and captured.

Another focus is malware. Recent studies show that mobile devices are vulnerable, but the development of malware is still in its infancy. With an increase in the use of smart phone and tablet devices, this new threat will only increase.

Mindset

Mobile devices are the laptops of tomorrow and do need the same security awareness as we apply to laptops today. We are still at the beginning of this transformation. A change of mindset is the first step for answers to the questions ‘mobile devices’ entail.

 

This blog entry is a translation of the original article published by Lars Jacobs on 29 May 2015.

 

Further information:

 


Leave a Reply

Your email address will not be published.