When dealing with a mobile device, there are many unknown factors.
First and foremost, how can you be sure that the person using the phone right now is actually your customer? A smartphone can be sold, lost or stolen at any time, and some people leave devices unattended or lend them to friends. That is why authentication is of paramount importance: do not let customers use your app without logging in, especially where personal data is involved. Consider also offering a feature that lets a customer disable the app remotely, for example by logging into their account from another device or by calling your customer service, so that a lost or stolen phone cannot keep acting as that customer.
The device itself is another important element. What type of device is it, and what operating system does it use? Is it up to date? What are the security features? Which other applications are installed? Could there be malware, spyware, or viruses on the device without the user’s knowledge?
A third unknown factor is the device location. Where is the device while it is being used? And more importantly, which network is it connected to? Is the network secure?
Unlike with employees, you have no control over the devices and actions of your customers. That is why your mobile applications need to find ways to deal with both user error and the device-related weaknesses we mentioned earlier.
A consumer's mobile device typically serves as the hub of their entire online life: most email is first read on a phone, which exposes users to phishing attempts. US network provider Verizon has reported that in 2017, 90% of all data breaches were due to phishing emails. Even if only a small percentage of your customers fall for a phishing scam, their personal data could be at risk.
Moreover, many users happily connect to free (and sometimes unsecured) wi-fi services, and do not shy away from handing over an email address and password in exchange. If your application's traffic is not properly encrypted, an unsecured public wi-fi network exposes it to eavesdropping and tampering by anyone on the same network. There is a second danger to free wi-fi: users can be tricked into believing a network is legitimate (free airport wi-fi is a good example) when it is in fact run by criminals with the aim of capturing personal data.
Most applications use encryption to secure the flow of information between the mobile device and the company. But not all encryption is created equal: flaws are constantly being found in algorithms, protocol versions and their implementations, so developers must keep their cryptography current and retire weak options before attackers exploit them. On top of that, token management is another common weak spot: a session token that leaks to an external party, for example through logs or insecure storage on the device, lets that party access personal data while posing as your customer. The damage is limited if tokens are short-lived, tied to the device they were issued to, and can be revoked on the server the moment a customer reports a problem.
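The following added example, which is not code from the original post or from Onegini's platform, shows what that kind of token management looks like on the server side, and also implements the remote-disable feature mentioned earlier. It is a self-contained in-memory session store (assumption: a real service would persist this in a database): tokens are random, only their hash is stored, every token expires after a short TTL, is bound to the device that requested it, and every session for a user can be killed at once. The user name, device identifiers and fixed clock values are constructed for the demonstration.

```python
import hashlib
import secrets
import time
from dataclasses import dataclass

TOKEN_TTL_SECONDS = 15 * 60  # short-lived: a leaked token is only useful briefly


@dataclass
class Session:
    user_id: str
    device_id: str
    expires_at: float


class SessionStore:
    """In-memory session store (assumption: production code would use a database)."""

    def __init__(self):
        self._sessions = {}        # sha256(token) -> Session
        self._disabled_users = set()

    @staticmethod
    def _digest(token: str) -> str:
        # Only the hash is stored, so a leaked store does not hand out live tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user_id: str, device_id: str, now: float = None) -> str:
        """Create a new session and return the bearer token (shown once to the client)."""
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits of randomness, unguessable
        self._sessions[self._digest(token)] = Session(
            user_id, device_id, now + TOKEN_TTL_SECONDS
        )
        return token

    def validate(self, token: str, device_id: str, now: float = None):
        """Return the user_id the token belongs to, or None if it must be rejected."""
        now = time.time() if now is None else now
        key = self._digest(token)
        session = self._sessions.get(key)
        if session is None:
            return None                          # unknown, revoked or already expired
        if now >= session.expires_at:
            del self._sessions[key]              # expired: drop it so it cannot linger
            return None
        if session.user_id in self._disabled_users:
            return None                          # account disabled remotely
        if not secrets.compare_digest(session.device_id, device_id):
            return None                          # token replayed from a different device
        return session.user_id

    def disable_user(self, user_id: str) -> None:
        """Remote disable: block the account and kill every session it has."""
        self._disabled_users.add(user_id)
        for key, session in list(self._sessions.items()):
            if session.user_id == user_id:
                del self._sessions[key]

    def enable_user(self, user_id: str) -> None:
        """Lift the block; the customer must log in again to get a fresh token."""
        self._disabled_users.discard(user_id)


def demo() -> dict:
    """Walk through the failure modes with a fixed, constructed clock."""
    store = SessionStore()
    t0 = 1_700_000_000.0  # constructed timestamp
    token = store.issue("alice", "device-A", now=t0)
    owner = store.validate(token, "device-A", now=t0 + 60)        # "alice"
    leaked = store.validate(token, "device-B", now=t0 + 60)       # None: wrong device
    store.disable_user("alice")
    after_disable = store.validate(token, "device-A", now=t0 + 60)  # None: revoked
    store.enable_user("alice")
    token2 = store.issue("alice", "device-A", now=t0)
    expired = store.validate(token2, "device-A", now=t0 + TOKEN_TTL_SECONDS)  # None
    return {
        "owner": owner,
        "leaked_to_other_device": leaked,
        "after_remote_disable": after_disable,
        "expired": expired,
    }


if __name__ == "__main__":
    print(demo())
```

The device binding is only as strong as the device identifier the app sends with each request; if an attacker captures both the token and that identifier, this check alone will not stop a replay, which is why the short expiry and server-side revocation are kept as independent layers rather than relying on any one of them.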
The only way to stay ahead of the curve is to make sure that your mobile security is fully flexible: threats develop and evolve at lightning speed, so your security protocols must constantly adapt to prevent issues. This takes a lot of time and effort and can be extremely taxing on your in-house IT department. You can read more about mobile security for your business in our dedicated blog post.
Onegini offers a comprehensive CIAM platform: Onegini Connect. This customer-friendly and highly secure solution features a native Mobile Security Platform, which is continuously updated to cover all your mobile security needs. Among other features, it is equipped with:
Want to find out more? Get in touch with us today. We’re always happy to discuss your needs and explore whether Onegini Connect is right for your business.