This week: building a digital defense with mobile apps. Last week we talked about browser security, but you should know that mobile application security is every bit as important.
There is a seemingly endless supply of apps available for your devices. Gaming, banking, messaging and more. Everyone has an app that is supposed to make your life better. But what happens when someone brings a vulnerable app onto your network?
Ideally, you should only allow devices issued by your organization to connect to your network. Your business or campaign should come up with a list of popular, approved apps from reputable publishers that can be installed on devices connected to your network.
If the app is performing a service, like banking or shopping, only allow the specific app designated by the service provider (such as the specific bank or store). If the app isn’t on your approval list, then it shouldn’t be installed on a device linked to your network. Don’t let mobile apps access any information on your device unless it’s absolutely critical to the functionality of the app.
If your organization does allow personal devices to connect to the office network, make sure those devices are virtual private networks, or VPNs. You should routinely check any personal or office-owned device connected to your networks for strange behavior, such as odd call or data usage.
As with browsers, it is very important that you keep your apps updated. Also, make sure the apps are owned by reputable companies, preferably in the U.S. Other countries may have different laws about what app companies must provide to foreign governments, which means your information on a foreign-owned app may have less legal protection than it would in the U.S.
These tips won’t protect you against every kind of cyber attack, but they will make you a less attractive target for attackers.
Remember your voice matters, so protect it. Go to www.FBI.gov/ProtectedVoices for more information.