Domingo Guerra, the President & co-founder of Appthority, provides his insights and expertise regarding risky security behaviors associated with mobile devices and associated apps.
The health and IT sectors are increasingly merging, with nurses using mobile devices more and more on the job, a clear indication of the growth of #mHealth. A survey of about 2500 nurses found that 65 percent use mobile devices at work every day. These nurses reported using their smartphones for professional services for a minimum of 30 minutes and up to two or more hours a day.
Other findings suggest that nurses are using social media to address healthcare-related issues as well. With over 43,000 health-related apps on the market, Appthority recently weighed in on the importance of mobile health security. Many of these apps are still not secure and are susceptible to data breaches, hacks, and other potentially risky behaviors.
Mobile health technology is still new, and its rapid evolution has brought growing pains that need to be worked out. Additionally, many hospitals have not put in place official policies addressing mobile data in the workplace. Health care remains an industry where digital technology has the potential to transform many of its current practices and protocols, and well-crafted mobile policies and security systems must be in place. This is, of course, especially important when dealing with patient data such as social security numbers, financial statistics, and confidential health records.
Another sector where the ripple effects of BYOD are being felt is in the federal government. With recent iCloud hacks galore releasing photos without permission, government agencies have become very worried about mobile data when it comes to storing confidential information in the cloud. For example, a recent study from the Ponemon Institute revealed that 63 percent of government IT managers said there is a high likelihood that employees move business information to locations like Dropbox or Box without the knowledge or consent of the agency. Mobile-to-cloud security becomes even more important in the federal space, where a leaked risqué picture would be the least of the concerns.
Who’s responsible for a third-party hack?
When data is leaked, people are quick to point fingers at the responsible party. However, following a leak of private photos and videos from more than 200,000 of their users’ accounts, Snapchat has attempted to wash their hands of responsibility. Snapchat argues that their servers were never breached, and access to these photos was instead made possible by the security lapses of third-party apps. These apps leverage Snapchat APIs (without permission from Snapchat) to store photos taken by Snapchat users, but often have weaker security and user protection than the Snapchat native app. Snapchat has a point in that they can’t be 100% responsible for what unauthorized third parties do with the Snapchat APIs. Still, besides securing their APIs, Snapchat also owes their customers more visibility into the risks inherent in their current system: Snapchat users can only trust Snapchat as much as they can trust the folks they are communicating with. Those receiving risqué “disappearing” pictures have long had the ability to take screen captures of the pictures or use third-party apps that record the pictures and prevent them from disappearing. Snapchat should be more upfront with these types of warnings to their users... and hopefully prevent their customers from being exposed.
Last week also saw the resurfacing of Edward Snowden. Snowden, who made classified information from the National Security Administration public last year, participated in a video interview focused on data privacy. Dropbox, the cloud storage service, also saw their users become victims of a third-party hack. Calling the service “hostile to privacy,” Snowden noted that Dropbox only encrypts user data during transfer and when being stored on servers. This means that user data is at a high security risk at other times, and especially when using the Dropbox app. This is especially concerning given that the Appthority Summer App Reputation Report found that thirty-one percent of the top free Android apps and sixteen percent of the top free iOS apps connect to cloud file storage services like Dropbox, making it one of the top ten risky app behaviors for the enterprise.
If the security of these apps that are storing images from Snapchat or documents on Dropbox is being compromised, it raises the questions: what other data is being collected by apps, and who will be able to hack their way into possession of it? When enterprise data can be collected by an unapproved app on a cell phone in a BYOD environment, it is impossible to feel completely confident that the data won’t be at risk for unauthorized sharing during a security breach as well.
Domingo Guerra is the President and Co-founder of Appthority—which provides the industry’s first all-in-one App Risk Management service that employs static, dynamic and behavioral analysis to immediately discover the hidden actions of apps and empower organizations to apply custom policies to prevent unwanted app behaviors. Follow him on the Appthority Blog, and his company on Twitter: @Appthority.
This article was reprinted with permission.
The nuviun blog is intended to contribute to discussion and stimulate debate on important issues in global digital health. The views are solely those of the author.