In order to protect your organization, it is important that you implement a mobile app security checklist. Here is what it should include:
1. Enforce multi-factor authentication
The three main factors used for authentication are:
- something the user knows (e.g. a PIN or password)
- something the user has (e.g. a mobile device)
- something the user is (e.g. his fingerprint)
Combining several of these reduces the risk of access by an unauthorized user. In addition, you can restrict use to certain times of day or locations.
2. Encrypt mobile communications
Strong encryption between mobile apps and app servers can help prevent threats such as snooping and man-in-the-middle attacks. Ensure that both traffic and data at rest are encrypted. When possible, prevent ultra-sensitive data from being downloaded to the end user device in the first place.
3. Patch OS and app vulnerabilities
In addition to flaws in mobile operating systems, there are constant updates and fixes to apps that can open up vulnerabilities. Make sure the latest updates and patches have been applied on mobile devices.
4. Scan apps for malware
Test apps for malicious behavior using signature-based scanning tools or virtual sandboxing or. Also perform malware scans on the servers for your virtual mobile solutions or mobile workspace.
5. Protect against device theft
In case a mobile device from within your organization is lost or stolen, you should either have a way to wipe sensitive corporate data from it remotely, or not have company data stored on the device to begin with.
6. Protect the data on your device
If you must store sensitive data on a device, make sure it is encrypted with the latest encryption technologies. And only store it in data stores, databases, and files.
7. Properly secure your platform
8. Prevent data leaks
Separate apps used for business from personal apps. Creating a secure mobile workspace can help prevent malware from accessing your organization’s apps and can also prevent users from copying or distributing sensitive data.
To prevent the leaking of confidential data:
- Prevent copy and paste functions.
- Block screen captures.
- Prevent users from downloading or saving confidential files to their phone or to sharing sites, connected devices, or drives.
- Watermark any sensitive files with the usernames and timestamps of who accessed them and when.
9. Optimize data caching
In order to enhance your application’s performance, mobile devices generally store cached data. This opens up both the device and the app to vulnerabilities and often results in stolen user data. Requiring a password to access the app can help reduce these vulnerabilities. You can also set up an automatic process to wipe cached data each time the device is restarted.
10. Isolate app information
Using a container-based model can help you keep corporate data separate from your employee’s private data. This will help to reduce the risk of corporate data loss.