In the wake of last week’s cyberattacks that targeted the UK’s NHS, as well as affecting over 100 other countries, IT security concerns have, once again, gone mainstream.
Not since the attacks on Three Mobile and Tesco Bank (which resulted in the loss of millions of pounds and large chunks of personal data) have there been such loud mutterings about Ransomware, cybercrime, bitcoins and SMB file transfers amongst the general public.
Pre-election this cannot be considered to be a ‘good thing’.
But for businesses, cybersecurity threats have never gone away, increasing year on year. Almost half of UK businesses (49%) detected a breach in security in 2016, rising from 24% in 2015. (Source: Department for Culture, Media and Sport (DCMS) 2016).
With security on high alert, what steps can you take to reduce the risks around mobile apps? Here are our top 5 recommendations:
1. Design version control into your apps.
The recent press coverage would lead you to believe that the Ransomware attacks were due to lack of upgrade from outdated and unsupported operating systems running on old computers. The truth is – it’s not just about computers – it’s about devices, equipment and computers. Devices and equipment that are difficult and expensive to upgrade safely. This means old versions of the software are left running – and older technology is more susceptible to attack.
Mobile phones share the same security challenge; that of version control.
Although they are always connected, mobiles are not necessarily accessible for an upgrade. You just can’t account for human behaviour when presented with an upgrade opportunity. As a result, most organisations find they are supporting multiple older versions of their mobile app – and need to make provision for this in their support plans.
Our advice? Plan for version control from the outset, in the sure knowledge that at some point in the near future users will be running multiple versions of your app. And they will need to be supported.
2. Consider security while coding your apps.
With mobile, you don’t have the same prevention options open as you do with the web. For example, for the web you can use your firewall to detect certain threats and filter them out. Securing yourself against external threats in this way then buys you time to deploy patches and fixes. With mobile, you just don’t have the same options.
It doesn’t mean that mobile apps are less secure. It just requires good coding and testing standards to be applied from day one, hardening the code to avoid the risk of possible reverse engineering and tampering.
3. Use additional mobile security technology.
Don’t just rely on the likes of Apple or Google to provide security for your mobile apps. “Hope is not a strategy” as New York City Mayor, Rudy Giuliani famously said. Good as Apple and Google can be, you are also able to augment the platforms and operating systems with additional specific tools and features, which allows you to sleep more soundly.
Instead, look into the vast array of little-known (and therefore under-used) but highly efficient app security tools presented by companies like VASCO, Mobile Iron and App Dome.
These additional technologies work with your app and are well worth the investment.
4. Monitor your apps for abnormal activity.
Don’t just deploy mobile apps and forget about security monitoring. There are good tools available to measure abnormal activity – which could point to either app failure or a security issue.
Once an app is deployed, it’s easy to believe that’s the end of the story. It is, however, possible and necessary to monitor its performance and safeguard yourself from threats, before they become major problems.
5. Be in the know.
Don’t be the last to hear about a vulnerability or threat. If you have a close and trusted relationship with your handset and network providers, you have a better chance of getting prior notice of any security threats. And, of course, be able to deal with them before they disrupt your business.
After all, we now know that Ransomware was on the radar of the security community for many months before last week’s attacks.
Last week was a wake-up call to everyone to check and tighten security. It highlighted to both the general public and businesses the real threat that is ever-present – and that attacks come in many different forms.
The good news? There are plenty of effective tools and technologies available to help counter the problem (which sadly not enough people are aware of and use). And with a good security strategy in place – there’s no need to panic.
By building security into your mobile apps from the word go and using the latest tools and technologies, it’s possible to build beautiful, innovative mobile apps with enterprise-grade security. Apps you and your users can trust to manage millions of transactions without the risk of a breach. At Chelsea Apps, we’ve been doing this for our roster of blue-chip clients in highly risk-averse sectors, where security is paramount, for the past seven years.
Don’t hesitate to contact us to discuss security further.