Austrian Post Is Enhancing App Security
It is already mid-February and companies have little time left until the new EU Data Protection Regulation (GDPR) comes into force on 25 May 2018. From this point on, companies must be able to prove that the data in their mobile applications is secure; any infringement is to be reported immediately. Many companies are still not sufficiently prepared for this new measure, despite the fact that violations will incur hefty penalty fees and lead to reputational damage and economic losses. The new GDPR not only means more stringent requirements for comprehensive IT security strategies, but also requires app management optimisation and relevant employee training.
How can apps be made more secure?
App security is, first and foremost, a job for the company that publishes the app. Many believe that Apple and Google are running thorough security checks on the apps that appear in their stores. This is a misconception.
The reviews the stores carry out are primarily concerned with two more self-serving aspects: on the one hand, the app store itself should remain secure and, on the other hand, it should not display any illicit or "salacious" content. The actual security of the apps themselves is therefore only very superficially considered – or not at all.
Data is an interesting target for hackers and must therefore be protected by the publisher of the app itself. Key security measures include: clear coding guidelines for creating apps and a means of measuring compliance to ensure these guidelines are met. Especially important is that little to no data is retained on the smartphone itself. The success of an app also depends on a secure user experience. Anyone who puts an app on the highly competitive market must test the mobile application for vulnerabilities in the development phase and close potential security gaps to guard against cyber criminals.
How Austrian Post is securing their app
Every company that handles sensitive data, such as the Austrian Post (Österreichische Post AG), which provides innovative services with their e-mailbox and mobile post app, must prepare security and contingency plans. Austrian Post has actively prepared itself for the new EU GDPR with an app security check from IQ mobile: https://www.iq-mobile.at/en/app-management/
The IQ mobile app check offers a holistic approach, providing a comprehensive catalogue of security measures:
Screenshots Post App
Personal or sensitive data, such as location information, is best encrypted and stored in secure isolated zones like Linux containers of the app operators. Additionally, hourly snapshots and daily server backups are required. In the event of theft of personal data, there are strict requirements imposed by the Austrian Data Protection Authorities (Datenschutzbehörde - DSB) regarding notification and recovery measures. This is a significant but essential expense that every company should factor into its budget planning.
Our take at IQ mobile
The booming mobile app market occupies a special position due to the proximity of the user to highly personal and sensitive data. This inherent risk is compounded by the presence of unrecognised shadow IT through BYOD (Bring Your Own Device), the trend where employees use their own mobile devices for business purposes. Companies should take action immediately and put security at the core of any app strategy – not only because of the threat of fines.
In the face of many potential vulnerabilities, early-stage app management is essential. Security must be a priority from the very beginning. This is the only way to avoid security issues in the app's later life cycle, as subsequent repairs are costly and resource-intensive.
IQ mobile has entered into a "power partnership" with SEC Consult Unternehmensberatung GmbH on the subject of mobile security. In this two-part interview with Ulrich Fleck, Managing Director of SEC Consult, and Harald Winkelhofer, Managing Director of IQ mobile, you can read about important aspects of mobile security, and how you can protect your app and company. Here: https://www.iq-mobile.at/en/blog/not-a-day-goes-by-without-an-attack/ and here https://www.iq-mobile.at/en/blog/no-third-party-access-permitted/
You can determine whether your app is up-to-date and relevant to customers quickly and easily with an app check. Here is an example: https://www.iq-mobile.at/blog/app-check-da-geht-die-post-app/ Learn what it takes for apps to actually succeed from our white paper on app management: https://www.iq-mobile.at/en/blog/new-whitepaper-on-app-management/