New phone under the tree this year? Investing in mobile devices for your business with your 2020 budget?

We store a ton of sensitive data on mobile devices, from contact information and private messages to location data, passwords, bank accounts, and business documents. You may have already started to consider cybersecurity for mobile devices in your business, but what about the apps that you use every day?

You might not think about security before hitting “download,” but mobile app safety certainly has its own cybersecurity considerations.

Avoiding Mobile Malware in 2020

Android and iPhone apps have many of the same security considerations as computer-based programs, but don’t get the same attention as when working from a laptop or PC. Just like any software, cybercriminals can exploit a mobile app to gain access to your mobile devices, and by extension, your data.

That’s why it’s so important to exercise care and caution when making choices about the mobile apps you download and use, for example:

  • Always update to the latest version of an app, as updates often fix known vulnerabilities.

  • Install Mobile Device Management software to monitor employees’ app downloads and update management.

  • Use a strong password and two-factor authentication on all your app accounts.

  • Avoid connecting your mobile devices to public wi-fi.

Choose Apps Mindfully

There’s an app for everything, and unfortunately, the cyberattackers have malicious apps for their purposes, too. These imposter apps look like fun or useful services, but have a sinister side. Cybercriminals can leverage malware in the background to access sensitive information, show ads, or “mine” cryptocurrency through cryptojacking. To reduce your—and your employees’—risk of downloading a fake app, do your research to choose reputable apps:

  • Find the developer’s name and history. How many apps has this developer created?

  • Check the publish date of the app and read reviews.

  • Find a download link from the company’s website rather than searching the app store.

Even a legitimate app may share your data with third-parties—usually for advertising, but it’s still important to be cautious about sharing too much. A recent study by the University of Oxford found that vast majority of apps share at least some personal data with outside sources, with news, children’s, and gaming apps as the worst offenders. To minimize your risk of sharing sensitive data with the wrong party:

  • Read the terms of service and privacy policy to confirm what information is shared.

  • Only install work-based apps on company mobile devices.

Review App Permissions

Mobile apps work by integrating with functions on your device through permissions; for example, a photo editing app needs permission to access your photos. However, some will try to request additional, unnecessary permissions for advertising—or more nefarious—purposes.  Be on the lookout for superfluous and/or suspicious permission requests that don’t relate to the app’s intended purpose.

Once you hit “Allow,” your mobile app safety decisions have been made, for better or worse. At that point, the app has access to all the functions and information it requested. If you’re ever in doubt, it’s best practice to decline the request—if the app truly needs the permission to function, it will be clear as you begin to use the service. If an app tries to collect too much information, consider a different app.

Mobile apps can be fun, helpful, and productive, but before you download and approve permission requests, ask yourself: Am I thinking app-solutely cybersecurity-first?

Stay Safe,

Your Friends @ Defendify