© 2019 SourceMedia. All rights reserved.

Key steps to ensure data protection amidst the growth of mobile apps

Today, data protection is a serious issue for every business, and it requires constant vigilance and compliance with many regulatory rules. Adherence to the General Data Protection Regulation or GDPR in Europe is just a single, yet vital part of ensuring proper protections are afforded to customers and employees.

But as data protection regulation grow and the laws become more stringent, it has also become much more difficult to follow them because of widespread mobile adoption. Cloud-based and mobile solutions have boosted the amount of data that is exchanging hands while also introducing many new attack vectors. Mobile devices especially are ripe for high-profile attacks and breaches, and this is exacerbated by the sheer amount of mobile apps and services that exist.

Data that is being collected must be handled and stored securely and reliably. Companies must share with their users how data is going to be leveraged, and they must follow these plans without any deviation — at least not without further confirmation to customers. It must also be expressly outlined how long the data is going to be kept, and that means ensuring the information is deleted or wiped at the end of said period.

mobile apps.jpg
An attendee holds a yellow Nokia 8110 4G smartphone, manufactured by HMD Global Oy, during a launch event ahead of the Mobile World Congress (MWC) in Barcelona, Spain, on Sunday, Feb. 25, 2018. At the wireless industry’s biggest conference, more than 100,000 people are set to see the latest smartphones, artificial intelligence devices and autonomous drones exhibited by roughly 2,300 companies. Photographer: Angel Garcia/Bloomberg

Failure to do as required by current regulations could lead to legal action being taken against a company, as well as hefty fines or fees. As of 2016, about 90 percent of businesses had fallen victim to one form of cyberattack or another.

How to Secure Mobile Data

Step one of any data protection strategy is to assess existing systems and connections and discern what information is being collected, as well as how sensitive or personal it is. A proper assessment would consider any data streams, be it internal or external. The same protections should be afforded to all parties, including customers, employees, vendors and even partners. Therein, lies another aspect of data protection — ensuring your partners also have proper strategies in place.

Only once you've evaluated the data at your disposal, as well as its potential risk level, you can understand what must be done to secure it.

Assess and Deploy Mobile Security Measures

It's likely you already have conventional security measures in place to monitor your organization's network, devices and users. That may or may not extend to mobile users entering your system, and if it doesn't, you'll need to look for mobile solutions specifically.

This is where a diagnosis of your mobile framework will come in handy. What kind of policies do you have in place to protect your network and users? Are employees forbidden to download and install applications from third-party mobile app stores, for example? Have you instead decided to issue enterprise-exclusive devices and restrict business-related activities to said platforms only?

Additionally, consider what can be done to protect the network from users tapping in. For instance, you might look at separate network access between customers and employees. You might also deploy a joint security monitoring and firewall system that can be used to identify, track and block access to various users based on activity.

Find an EMM Solution That Works for You

Enterprise Mobility Management or EMM software is specifically designed to accommodate employee use of mobile devices and applications internally. An EMM combines mobile application management and mobile content management technologies into a single, comprehensive solution.

It boosts security considerably by allowing IT and security departments to have full control over a network in regards to mobile activity. EMM software can also improve employee productivity because IT teams can provide the necessary tools, applications and data to complete work tasks — the management and maintenance of supported mobile applications are handled by a security team instead of individual employees.

Some of the more prominent providers of EMM solutions include VMware, MobileIron, BlackBerry and IBM.

Document Everything, Including Breaches

Some regulations — GDPR is a great example — require businesses to document and explain everything that happens on their network, especially in the face of a data breach. The best and only way to comply with such guidelines is to establish a security information and event management solution, also known as SIEM. Many organizations already have something like this in place, and the point is that it should be extended to include mobile data streams.

It’s nearly impossible to document what happened during an ongoing investigation, especially if you cannot discern who or what was the cause of a breach. Ensure you have a proper documentation policy in place before a significant event.

Finally, in the event of a breach, make sure the proper customers or users are notified, alongside the necessary agencies. An alarming 80 percent of cybercrimes go unreported because the parties affected were unaware of the crime or didn't understand how to report it. Lying or trying to hide evidence of a data breach or attack can get you into more hot water than merely reporting it.

Conduct Mobile Security Testing

Throughout the lifecycle of a system or network, individual elements may change that alter risk levels and factors. This is especially rampant on mobile where the frequent and continued development of an application or service is typical.

It’s necessary to rely on mobile application and device security testing solutions to recognize new threats or vulnerabilities. It's a guaranteed solution for pinpointing hidden or lesser-known weaknesses within internal applications. The sooner or faster you can patch a security hole, the better protected the resulting data will be.

In the end, proper mobile security is about understanding the threats posed to you and the resulting data streams. If you know how sensitive data is being used, where it’s most vulnerable and where access is happening, you can lock things down.

Believe it or not, data protection and cybersecurity is no different, even in the age of mobile apps. It has just been shifted to include new channels and new attack vectors, which you must learn to secure — and fast.

For reprint and licensing requests for this article, click here.