Preventing policy violations: Identifying and resolving mobile security vulnerabilities

Businesses leveraging BYOD initiatives stand to gain their fair share of benefits, including boosted flexibility and collaboration among co-workers, as well as increased productivity throughout the company. However, managers should keep a close eye on the programs and mobile apps being utilized by their staff members - not only to ensure compliance with internal policies, but to prevent security issues connected with consumer-level apps. Oftentimes, it is best to invest in internal component suites to bolster mobile data protection.

For example, Cloud Tweaks recently reported that SnapChat violated its privacy policy, resulting in charges from the Federal Trade Commission. While SnapChat is not traditionally utilized for enterprise purposes, the case shows the importance of thoroughly vetting a mobile app before allowing its use.

The source stated that the FTC charged SnapChat with making seemingly protected, private messages and videos easily accessible, and with tracking Android users through geolocation. The app also contained several other vulnerabilities that could provide hacking opportunities and access to sensitive information like usernames and phone numbers.

Although an app itself can open up security weaknesses, so too can user activities. TechTarget pointed out that many business leaders may let instances of shadow IT and policy violations slide because these workers may not be leveraging these practices with malicious intent.

"[W]orkers may not even know that certain actions break a company policy," TechTarget stated. "That being said, thousands of breaches occur daily, and they can cost companies millions of dollars."

Mobile security strategies
To prevent falling victim to an external breach due to internal activities, organizations should utilize a few best practices to better secure their mobile initiatives. One such guideline is the use of mobile apps that were specifically created to match the needs of the business. Many companies invest in developer services to craft HTML5 form programs that will function optimally across every device being used within the group, as well as to prevent privacy vulnerabilities that can exist within some consumer-level apps.

Administrators should also seek to better enforce their existing policies. TechTarget noted that many employees may not be aware that they are breaking the rules, but their actions could put the future of the business in jeopardy. Instead of going easy when these type of events occur, managers should educate their workforce as to the particulars of the policy and discipline those that go against these guidelines. This will improve information security throughout the organization.

"Make sure workers know how to get the most out of their devices, teach them about the risks of exposing company data and explain why your company's policies are in place," TechTarget recommended.