Posted on July 21, 2016 by Vladimir Ghilien
Tip #1. CAUTION! Public Wi-Fi Networks!
Public wireless networks are frequently invaded by hackers that want to get access to private data, so it is much safer to use a virtual private network (VPN) instead. Thus, consider using a VPN over a public Wi-Fi net, if possible. Before the beginning of Mobile World Congress 2016, Avast Software went to the Barcelona Airport, where they have performed a Wi-Fi hack experiment. The results showed that thousands of trade show attendants ignored possible risks and have compromised their security for convenience, thus putting their gadgets and corporate private data at huge risk.
Tip #2. Limit Your Sessions
Another way of stopping hackers is restricting the availability of your application’s attack surface. Make certain that hackers can’t strategize ways to your IP at any given time. By making pauses in your sessions, you cause serious trouble to attackers, who want to establish a springboard in your organization.
Tip #3. Don’t Store Data on Your Device
If you don’t store data on the device, it can’t be stolen, lost, or misused. First-generation security solutions tried to make the gadget as a means of data protection. Today, we know that data remains vulnerable even, if you use some device management tools. Managing incompatible mobile gadgets and operating systems may leave IT departments with tons of work that doesn’t further organization’s security stance even just one bit.
Tip #4. Enforce Policies for Access and Applications
One of the easiest and fastest first steps to getting control over mobile applications is examining your policies. Every organization is ought to have an easily enforceable access to mobile applications for its employees, as well as the resources accessed by these applications. For instance, temporary or seasonal workers just require access to the applications required for their work, instead of the entire network. Third-party applications with overreaching permissions should be controlled and monitored from the IT department, not by users.
Tip #5. Use Security SDKs for Data Encryption
Security SDKs are a great means of protecting your data, just as the encryption keys employed for the same cause. At any moment you may simply add a new security layer to secure your data, thus making it harder for hackers to get to it. And even though this may seem like a reasonable thing to do, many users still ignore doing it.
Tip #6. Make Sure That Security Is Being Baked into App Development
No matter how advanced security has become lately, it is still separate from the process of application development. The thing is that security should be baked into the process from A to Z, from the very start of the testing and QA stage, through to production before the app is submitted to Google Play or Apple App Store for approval. Ignoring security at the development stage just puts the app at a greater risk.
Tip #7. Consider Avoiding Third-Party Repositories
Frequently, developers insert third-party components, like file format parsing, compression, and networking libraries into programs they write. For most programs, these modular components fit perfectly and writing a new code for every other program would be plainly meaningless. It is crucial that developers take additional time, when they pick components at hand in order to make certain that each of the used components is updated and that they do it even after the app’s release.
Can't seem to convince your management to use proper security? Check out our business whitepaper and they may get convinced.