Building a Digital Defense with Mobile Apps

The FBI’s Portland, Oregon office has published an advisory discussing best practices for mobile apps, such as those used for messaging, banking, gaming, and more. Some of these apps might have legitimate work functions and been vetted by an organization for use. In workplaces where employees are allowed to connect their personal devices to business networks, other apps are likely being accessed. If these other apps have vulnerabilities, that constitutes a vulnerability for the network. According to the advisory, ideally organizations should only allow devices they issue to connect to the network. Organizations should come up with a list of popular, approved apps from reputable publishers that can be installed on devices connected to the network. If the app is performing a service, like banking or shopping, only allow the specific app designated by the service provider (such as the specific bank or store). If the app isn’t on the approved list, then it shouldn’t be installed on a device linked to the network. If an organization does allow personal devices to connect to the office network, it should make sure those devices are virtual private networks, or VPNs. It should routinely check any personal or office-owned device connected to your networks for strange behavior, such as odd call or data usage. Finally, it is very important that you keep your apps updated (as with browsers) and make sure the apps are owned by reputable companies, preferably in the U.S. Read the advisory at the FBI.