Android apps have been shown to pose a high risk to users. According to this American Consumer Institute report, the widespread use of unpatched open source code in the most popular Android apps distributed by Google Play causes significant security vulnerabilities. According to the report, 32% of the most popular apps in the 16 categories sampled averaged 19 vulnerabilities per app. Researchers also found critical vulnerabilities in many common applications, including some of the most popular banking, event ticket purchasing, sports and travel apps.
Now, what does that mean for your organization? The fact is that you likely have employees who are using these applications on the same devices they use to access internal networks or other sensitive data. That puts your company at risk. Here are several things to consider as you decide how to manage that vulnerability.
Provide Employees with “Work Only” Devices
While it can be costly to provide staff with desktop and mobile devices, it may be well worth the investment. Ensuring that employees keep their personal app use on their personal devices provides a barrier that can help protect your data. However, the inconvenience of managing two sets of devices can make this a challenge for some companies to enforce. Still, education around the problem and investment in strong security measures can really make a difference in keeping hackers at bay.
Educate and Enforce
A big part of your digital security team’s mandate should be educating employees about the security risks you all manage on a day-to-day basis. Consider creating a regular security newsletter or blog that can help employees stay up to date on the rapidly changing digital landscape. Make sure that your older employees are well trained in the use of their devices and know the risks that might be more intuitive to your younger staff members. Enforcement of strong app use policies is another critical step in keeping your employees and your data secure. The U.S. National Institute of Standards and Technology has guidelines for vetting mobile apps, which clearly lay out a process for ensuring that mobile apps comply with an organization’s mobile security requirements. It’s a great starting place for enterprises that require employees to stay connected on the go, but recognize that some vulnerable mobile apps must be kept out of their environment.
Don’t Wait for App Makers to Fix Anything
It makes sense that the ultimate solution to this problem is for app makers to fix broken Android apps. They are technically in the best position to address the concern, but they are also the least likely to be damaged by a hack. Whether they are willing to take action can depend on their reputation as a high-quality app developer, on their resources, and even on their jurisdiction.
Given that the threshold for app makers is relatively low, it falls on the users to take extra precautions around using those apps. And that means that employers need to know and manage what their employees are doing to ensure a high level of digital security in the mobile era.