Every tech publication seems to have a list of best apps for business. Whether the goal is to analyze corporate cash flow or avoid the dreaded middle seat that doesn’t recline, there’s an app for the task. But have you considered the kind of sensitive customer or employee information some apps let you transmit? Developers may claim to take steps to secure the data, but as the FTC’s proposed settlements with Fandango and Credit Karma demonstrate, some apps promise more than they deliver. Given the potential hazards when apps go bad, is it time to think through how you use them in your business?
Some may advise people to go app-less, but let’s get real. For many executives – especially business travelers, teleworkers, and sales people in the field – apps are an integral part of their work. So how can you balance the efficiency of using apps to get the job done against the risks of exposing sensitive data to unauthorized disclosure? Here are seven tips from the FTC.
1. Choose your apps wisely. Before downloading an app, check the app’s security policies. What information does it collect? How does it plan to use it? How will it protect data during transmission and storage? If you still have questions, contact the app developer directly. Of course, even that’s not a foolproof plan, given FTC law enforcement actions against companies that didn’t give people the straight story about what was going on behind the scenes. But it’s still a good place to start.
2. Use a secure network. Most of us are used to looking for the visible indicator of https: (for secure) in the URL as a visual cue that a website is encrypted. But mobile apps don’t have that kind of indicator and experts say many don’t encrypt information properly. If you use an app to conduct sensitive transactions – accessing accounts, using a credit card, transmitting confidential client data, etc. – at least be sure you’re using a secure network. That way, even if the app doesn’t encrypt the information, the network does.
3. Consider the risks when using public Wi-Fi. Scan the departure gate at an airport and what do you see? Business executives frantically finishing a few minutes of work on a public network. The same holds true at the lunch counter or coffee shop with the Wi-Fi sign in the window. But remember that if a public Wi-Fi hotspot doesn’t require a WPA or WPA2 password, chances are it’s not secure. Consider whether it makes sense to wait until you’re back on a secure network before sending confidential data about your customers or employees. Furthermore, you might want to change the settings on your device so it doesn’t connect automatically to nearby Wi-Fi.
4. Think through whether using a website might be preferable to an app. Apps offer convenience, but present particular risks when the network isn’t secure. If you absolutely have to use an unsecured wireless network to transmit information, a company’s mobile website – where you can check for the https: at the start of the URL – may be a better choice than the company’s app. Here’s more advice from the FTC about using public Wi-Fi networks.
5. Is a VPN right for your staff? If you or your employees regularly send sensitive data through Wi-Fi hotspots, a virtual private network (VPN) may be a good choice for your company. VPNs encrypt traffic between your computer and the internet, even on unsecured networks. Many vendors offer VPN options for mobile devices.
6. Keep your own house in order. Does your company have in-house apps so your staff can access your corporate system? Job #1 is to take reasonable steps to secure those apps so that client and employee information isn’t in jeopardy. For guidance on baking in sensible protections, read Mobile App Developers: Start with Security, a back-to-basics brochure filled with tips that apply equally to app sellers and to companies designing apps for in-house use.
7. Educate app-happy staff. Clue in your co-workers about the dos, don'ts, and maybes of using apps to conduct company business. A good entry-level introduction for your next staff meeting: Understanding Mobile Apps.