Many mobile app developers do not place a high priority on data security, as illustrated by a recent IBM/Ponemon study:
- Fifty percent of mobile app developers have no budget for security.
- Forty percent of companies don’t scan mobile app codes for vulnerabilities.
- The average company tests less than half of the apps it builds for security issues.
- Thirty-three percent of companies never test any apps for security.
Such vulnerabilities have contributed to over one billion personal data records being compromised last year alone. In addition, studies show that 11.6 million mobile devices being affected by malware at any given time.
The risk involved with mobile apps is extended to employers when employees access or maintain company electronic information using their personal devices. Many employers have a “Bring Your Own Device” program, others do not and may not realize how much of their data is stored on their employees’ personal devices. In either case, the company’s data is at risk. According to the same IBM/Ponemon study, a majority of employees (over fifty-five percent) define themselves as heavy app users yet indicate that their employer does not have a policy which defines the acceptable use of mobile apps in the workplace. An even larger majority of employers (67%) do not review or vet the downloading of mobile apps in the workplace. Most employers allow employees to use and download business apps on their personal devices without monitoring for potential security issues.
Employee use of their own devices in the workplace can bring increased productivity and morale, but also raises a number of risks. Developing and implementing a comprehensive BYOD program can help to mitigate those risks, including those that apps present. Many employers are probably not even aware of this potential “app” risk to electronic company information. Employers are advised to move quickly to address potential security risks to company confidential information, including those created by the use of mobile apps.