Business execs: 7 things to consider before using that app

Every tech publication seems to have a list of best apps for business.  Whether the goal is to analyze corporate cash flow or avoid the dreaded middle seat that doesn’t recline, there’s an app for the task.  But have you considered the kind of sensitive customer or employee information some apps let you transmit?  Developers may claim to take steps to secure the data, but as the FTC’s proposed settlements with Fandango and Credit Karma demonstrate, some apps promise more than they deliver.  Given the potential hazards when apps go bad, is it time to think through how you use them in your business?

Some may advise people to go app-less, but let’s get real.  For many executives – especially business travelers, teleworkers, and sales people in the field – apps are an integral part of their work.  So how can you balance the efficiency of using apps to get the job done against the risks of exposing sensitive data to unauthorized disclosure?  Here are seven tips from the FTC.

1.  Choose your apps wisely.  Before downloading an app, check the app’s security policies.  What information does it collect?  How does it plan to use it?  How will it protect data during transmission and storage?  If you still have questions, contact the app developer directly.  Of course, even that’s not a foolproof plan, given FTC law enforcement actions against companies that didn’t give people the straight story about what was going on behind the scenes.  But it’s still a good place to start.

2.  Use a secure network.  Most of us are used to looking for the visible indicator of https: (for secure) in the URL as a visual cue that a website is encrypted.  But mobile apps don’t have that kind of indicator and experts say many don’t encrypt information properly.  If you use an app to conduct sensitive transactions – accessing accounts, using a credit card, transmitting confidential client data, etc. – at least be sure you’re using a secure network.  That way, even if the app doesn’t encrypt the information, the network does.

3.  Consider the risks when using public Wi-Fi.  Scan the departure gate at an airport and what do you see?  Business executives frantically finishing a few minutes of work on a public network.  The same holds true at the lunch counter or coffee shop with the Wi-Fi sign in the window.  But remember that if a public Wi-Fi hotspot doesn’t require a WPA or WPA2 password, chances are it’s not secure.  Consider whether it makes sense to wait until you’re back on a secure network before sending confidential data about your customers or employees.  Furthermore, you might want to change the settings on your device so it doesn’t connect automatically to nearby Wi-Fi.

4.  Think through whether using a website might be preferable to an app.  Apps offer convenience, but present particular risks when the network isn’t secure.  If you absolutely have to use an unsecured wireless network to transmit information, a company’s mobile website – where you can check for the https: at the start of the URL – may be a better choice than the company’s app.  Here’s more advice from the FTC about using public Wi-Fi networks.

5.  Is a VPN right for your staff?  If you or your employees regularly send sensitive data through Wi-Fi hotspots, a virtual private network (VPN) may be a good choice for your company.  VPNs encrypt traffic between your computer and the internet, even on unsecured networks.  Many vendors offer VPN options for mobile devices.

6.  Keep your own house in order.  Does your company have in-house apps so your staff can access your corporate system?  Job #1 is to take reasonable steps to secure those apps so that client and employee information isn’t in jeopardy.  For guidance on baking in sensible protections, read Mobile App Developers: Start with Security, a back-to-basics brochure filled with tips that apply equally to app sellers and to companies designing apps for in-house use.

7.  Educate app-happy staff.  Clue in your co-workers about the dos, don'ts, and maybes of using apps to conduct company business.  A good entry-level introduction for your next staff meeting: Understanding Mobile Apps.

 

5 Comments

>> Leave a Comment | Comment Policy

Great post, self discipline is the most important thing. If you don't manage to do it properly, you can loose whole day in nothing.
thanks for sharing..

YOU GIS ARE GOOD

Thank you for the tips. However in my opinion no aparatus is secure when you are sharing information with a server who has duplicate of your device.Your information could be mined, altered or blocked at will.

Great article and tips

Good

Leave A Comment

Don't use this blog to report fraud or deceptive practices. To file a complaint with the Federal Trade Commission, please use the FTC Complaint Assistant.

PRIVACY ACT STATEMENT: It is your choice whether to submit a comment. If you do, you must create a user name, or we will not post your comment. The Federal Trade Commission Act and the Federal Information Security Management Act authorize this information collection for purposes of managing online comments. Comments and user names are part of our public records system, and user names are also part of our computer user records system. We may routinely use these records as described in our Privacy Act system notices. For more information on how we handle information that we collect, please read our privacy policy.