Should security be one of your primary concerns, too, we give you a realistic overview of the threats and also some useful tips on how you can protect your business from such attacks. And not only on the good old desktop: as smartphones are on the way to become the most used devices in the workplace, you need to get ready to protect them as well!

Business desktops under attack again

Malicious code that blocks access to data or a whole computer by encrypting the files seems a successful recipe for easy money and extensive media attention. They provided an opportunity to talk digital security strategies good and bad as WannaCry hit corporations like Renault, Deutsche Bahn, and FedEx, and a reinvented version of Petya made its way to Russian and Ukrainian banks, Maersk, and WPP.

And this is not ‘just’ about the desktops anymore. With less publicity, attacks such as Fusob, Svpeng, and SMALL, also threatened mobile devices and systems  – just to mention a few. Enterprise mobility is no safe territory, anymore, and the vulnerability goes further than a weak endpoint: we’re talking about personal consumer devices storing or accessing company data.

Corporate security strategies revised

The broad reach of attacks forced many companies to alter their security policies regarding user control, transparency, the IT-departments’ role, and general awareness, especially as more and more enterprise software has its mobile version developed.

The risks can no longer be denied: there is much to do about:

• A workforce that is increasingly mobile but not necessarily more experienced in protecting corporate data.
• The volume and types of devices used in a workplace and how these devices handle data.
• Reshuffling IT’s priorities: taking security measures, educating a wider group of stakeholders.
• Analysing all the possible effects of a data breach on the business.

Besides the prevention measures mentioned above, you will also need protection. For example, anti-virus software makers are also adding their part in preparing for more assistance and expanding even more in the mobile space.

Symantec was the last to make the news with two recent acquisitions: the Israeli Skycure with a focus on predictive threat detection, and Fireglass with a browser isolation technology that helps to stop the spreading of malware.

VMWare has partnered up with Trend Micro to provide better protection against mobile attacks. It does that by allowing IT-administrators to get a birds-eye view of their (ever-growing) network, quickly identify threats, and make more informed decisions based on what they saw.

Securing mobile business applications in a future-proof way

The first step is to accept that every business is at risk: big or small, with or without a field team, working on any operating system. Also, every application is vulnerable to some extent. Then, take time to understand your current type and level of protection, so you’ll know what you’re missing: this way, you can react faster in case of an attack.

More focus on user behavior

In protecting your data in association with mobile apps, user behavior is crucial. From this perspective, your Millennial workforce might be the more at risk.

With a security awareness training, you can educate your staff about best practices, such as regularly updating the apps they use and the safety implications of sending mobile data through public wireless networks.

The best business mobile apps update themselves automatically for more protection, but it’s always worth to double-check.

Application control

As apps are becoming more and more dominant in the modern workplace, their integration becomes more important as well. The anti-virus software, the MDM or EMM should all work together in stopping any possible attacks and allow for maximum security.

Solutions that are independent of the location of the data, like precisely setting access rights and multi-level identification app by app, generally work well.

The successful combination of these methods might vary by company, but the goal is clear: to pass the five security checkpoints of a secure mobile business app. These checkpoints are the following:

• Secure code. Developers use encryption, audits, reviews, testing, approval processes to make sure no malicious code could appear.
• Secure data. Proper and up-to-date encryption of data ensures protection against misuse.
• Secure access. Role-based access provides an extra layer of security to passwords.
• Secure communication. The mobile app and the back-end should communicate with proper encryption and authentication protocols, like SSL/TLS.
• Secure third-party services. The risk of each provider should be assessed and their security and risk management program revised.

If you are aware of the industry standards, best practices, and user-generated issues that might have an impact on security, you have already taken a big step forward in securing your mobile business apps.

The post Mobile Ransomware Attacks: Don’t Let Your Business Apps Fall Prey to Malicious Code appeared first on Scolvo.

Clients usually overestimate the risks of using a mobile apps for business – developers, on the other hand, tend to underestimate them. Your task as a consultant is to meet both of them halfway. And, in order to do so, you should be aware of the industry standards, best practices, and user-generated issues that would have an impact on security.

[/spb_text_block] [spb_image image=”17750″ image_size=”full” frame=”noframe” caption_pos=”hover” remove_rounded=”yes” fullwidth=”no” overflow_mode=”none” link_target=”_self” lightbox=”no” intro_animation=”none” animation_delay=”200″ width=”1/1″ el_position=”first last”] [spb_text_block animation=”none” animation_delay=”0″ simplified_controls=”yes” custom_css_percentage=”no” padding_vertical=”0″ padding_horizontal=”0″ margin_vertical=”0″ custom_css=”margin-top: 0px;margin-bottom: 0px;” border_size=”0″ border_styling_global=”default” width=”1/1″ el_position=”first last”]

There are many ways to secure an enterprise mobile application, and in most of the cases, some combination of these methods will lead to a truly secure outcome.

If part of a solid IT security policy, or, rather, a mobile security framework, that’s a good start. Then comes the assessment of risks regarding the mobile applications and finding the right solutions to control the security of all the elements of the mobile workflow.

Prevention and protection is of equal importance: you can read about the basics of this concept in a previous SCOLVO blog. This time, we present the major checkpoints mobile solutions need to pass to be considered secure.

Checkpoint 1: The Code is Secure

The absolute minimum due diligence from the part of a mobile app developer is to use secure codes. During the development, there are several steps to ensure that no malicious code could appear at any stage of the process, through reverse engineering or tampering or in any other way.

By encrypting the code, it will hardly be accessible to those with bad intentions. Audits, reviews, penetration testing, and releases pending on security expert approvals can further enhance security and ensure that vulnerabilities are discovered on time.

When a code is publicly readable, its flaws might become attack surfaces and the application itself modified. Then the business runs the risk of users downloading the modified version and become targets of attack.

Checkpoint 2: The Data is Secure

In the case of enterprise apps, the data, often sensible with significant business value, is stored on the users’ devices. Developers need to use special encryption algorithms (SCOLVO, for example, uses elliptic curve cryptography) to protect these data from misuse. Data can also be encrypted by its elements to make its transfer safer.

Also, the algorithms used for encryption should be up-to-date, in order to provide maximum security: good development teams closely monitor the latest trends and best practices industry-wide to select the most effectives security solutions.

Data leaking from mobile devices and apps is a threat that should be taken seriously. In a report by Lookout and Ponemon Institute, the economic risk of a mobile data breach is put as high as $26.4mn, adding the two-thirds of the companies had already had some kind of mobile breach to pay for.

Checkpoint 3: The Access is Secure

We all know how insecure passwords can be: so many users are just unaware of the security risks certain practices or their devices pose. Still, poor password management can be fought with encryption methods, but even better is a role-based access that provides an extra layer of security by only allowing the user to see the information essential to his or her job. Different profiles can then be managed by an Identity Access Management system.

According to Gemalto’s Breach Level Index, identity theft is the most common type of breach with a 58% share of the total and counting.

The good news is that even small, competent teams that use the right tools can effectively protect their business users from failing this way by encrypting sensitive information in configuration files, and making sure all security settings are turned to the maximum by default.

Checkpoint 4: The Communications are Secure

Communications between the mobile app and the backend systems or third-party services should be secured by proper encryption and authentication. A common protocol is a basic authentication with SSL/TLS encryption, while communication in production environments can be made secure by the involvement of certificate authorities.

Checkpoint 5: The Third-Party Services are Secure

In protecting an application against malware or fighting attacks, a third-party service provider, usually for cloud infrastructure, can play a key role. Since they prone natural targets for a security breach, developers should be aware of the security and risk management programs of their provider. (At SCOLVO, we choose Amazon Web Services, the leading IaaS provider in Germany, that meet the major security certificates’ criteria and is regularly audited.)

They also have to assess the risk of each provider, depending on the sensitivity of the data they have access to, especially since the number of data breaches associated with these providers have increased by 22%, a PwC report shows. Furthermore, advertising and analytics can be gateways to security breaches, as they usually involve a better-than-average amount of data transfer.

While cutting back on these activities and sticking to the core functions can be a viable solution to decrease the risks, it is not always the most wanted. Regular monitoring of activities of the application by the development team and saving data to other storages allows the organization to prevent attacks or fixing vulnerabilities in time.

Let your clients enjoy the power of mobility without complications – Join the SCOLVO partner community today!

[/spb_text_block]

The post 5 Checkpoints to Pass for a Secure Mobile Business App appeared first on Scolvo.

With businesses worldwide finally getting the message about an inevitable digitalization and mobilization, we surely welcome the large-scale improvements it will bring. However, there will be challenges along the way, and the more you’re prepared the more likely you are to exploit the benefits of new technologies.

[/spb_text_block] [spb_image image=”17772″ image_size=”full” frame=”noframe” caption_pos=”hover” remove_rounded=”yes” fullwidth=”no” overflow_mode=”none” link_target=”_self” lightbox=”no” intro_animation=”none” animation_delay=”200″ width=”1/1″ el_position=”first last”] [spb_text_block animation=”none” animation_delay=”0″ simplified_controls=”yes” custom_css_percentage=”no” padding_vertical=”0″ padding_horizontal=”0″ margin_vertical=”0″ custom_css=”margin-top: 0px;margin-bottom: 0px;” border_size=”0″ border_styling_global=”default” width=”1/1″ el_position=”first last”]

Challenge #1: Speed

Now that the early adopters’ time is up, every other business has to act quickly and commit to digitalization. In a research done by McKinsey last year, figures show some industries clearly emerging, not so much for digitalizing their assets, but for a faster adoption of digital processes and interactions and a larger amount of digital workers. Tech’s lead is no surprise, but media, finance, and professional services are also in the top league. Companies operating in these sectors have workforces that are 13 times more engaged digitally than others – thus that much more of a chance to improve productivity.

Businesses are not just going digital, but many are going mobile-first. New processes and workflows are translated to mobile procedures before anything else. This trend requires a lot more applications though (the market segment is expected to double in five years’ time), so development cycles have to be quicker. Those procedures that can’t be mobilized can still be automated with technology.

Challenge #2: Security

Wherever sensitive data is being created there will be a chance of a cyber-attack. Fortunately, not only the criminals’ tools are improving. Mobile devices with access to business-sensitive information can be protected either with an Enterprise Mobility Management (EMM) tool, or with mobile threat defense, or combining the two. Choose what fits your company best but don’t choose to ignore the threat – a mobile data breach can cost the enterprise as much as $26.4 million.

Challenge #3: New devices

No need to fight this: employees will continue to bring in their personal devices (mobiles, tablets, and increasingly, wearables), but this is going to be your smallest problem in the coming years. The Internet of Things (IoT) will pose a much greater challenge: with over 30 billion devices connected in a few years, you will need the proper business apps for them, just as you have them for other devices. It will require more complex platforms to have everything under control, together with a solid backend infrastructure.

Besides the technical challenges, there will also be the task of finding where to fit these new devices in the business processes. On a more positive note, if you succeed, you will be rewarded by extra productivity gains and even more cost savings.

Challenge #4: New user demands

Users have grown together with the digital age already have high expectations towards digital tools in the workplace, only to be outdone by the digital native generation. Millennials had caused quite a shock when taking over the workforce, demanding, even more, accessibility, even more functionality of the tools, and, most of all, a seamless user experience.

[/spb_text_block]

The post 4 Challenges of Mobilizing Businesses in 2017 appeared first on Scolvo.