Maybe you weren't surprised when researchers at the University of New Haven posted a series of videos showing that many common Android apps contained serious data privacy flaws that could allow cyber criminals to snoop on user data. Sadly, this kind of news is becoming commonplace.
When tech professionals criticize Android, it's often over the platform's susceptibility to malware, but these flaws are caused by something different. App makers are simply not handling user data properly. It's shocking how many apps don't encrypt data while transmitting or storing it on servers.
This news provides an important reminder for IT professionals: once data leaves your device, it's thrown to the wolves. So how do you protect your client's security?
- Identify which Android apps are vulnerable.
- Improve your client's user-level security.
- Promote stronger data security habits.
The Weakest Links: Apps with Lackluster Security
As ThreatPost reports, Android apps like OkCupid, Instagram, Vine, and many other messaging and media-sharing apps have serious flaws. By using basic security tools, researchers were able to gain access to data that should have been encrypted, such as…
- Messages.
- Videos.
- Pictures.
Perhaps most shocking was that messaging app Nimbuzz stored its users' passwords in plain text on its servers.
Why do so many apps have mediocre security? As we reported in our article, "How to Talk Cyber Security with Your Clients," in the mobile app startup world, the emphasis is usually on performance, design, and marketing – not security. However, security needs to be a priority from the earliest stages of software development for it to truly work.
Cyber Security: Safety Not Guaranteed
What does mobile app security have to do with your IT liability? Clients might not understand that their company's data security is entwined with each user's individual security. When users have the same password for personal and professional accounts, they weaken the company's security.
To help your client understand the importance of unique passwords, explain that they work much like keys. Just as a homeowner wouldn't have the same key for their house, office, car, and safety deposit box, a user should have unique passwords for each important account – especially work accounts. (For more details on creating strong passwords, check out our post, "Security is Everyone's Job: Lessons from a Weak-Password Hack.")
Data security has to begin at the user level. IT consultants have to make sure their clients understand basic issues like password security and how to avoid malware and phishing scams.
How to Cover Your Cyber Risk
As an IT consultant, you've probably wondered about the aftermath of a data breach. What would happen to your business after one of your clients was hacked or a security flaw exposed its data? Would you be sued?
Errors and Omissions Insurance can pay for your legal expenses if a client sues you over a data breach. Even breaches caused by weak passwords and third-party security flaws (e.g., mobile app flaws) can lead to a lawsuit against your company.
To protect your company, submit an online insurance application, and our insurance agents will send you free quotes on IT insurance.
