Why security and privacy are more important than ever
The average cost of a data breach globally is $3.92 million, according to the 2019 Cost of a Data Breach Report. This figure has continued to increase over the past years, which means that the costs of poor cybersecurity practices are no laughing matter.
At the same time, data privacy has become increasingly important in recent years. Cisco's 2019 Consumer Privacy Survey found that as many as 84% of respondents care about data privacy. As a result, some employees may not even be comfortable using an app like Workplace by Facebook given Facebook's reputation for snooping on user data.
Creating your own branded employee app is a great way to both ensure compliance with your company's cybersecurity goals and drive user adoption by allaying employee privacy concerns. Use the following ten considerations as a starting point for what to look for in an employee app to ensure it is secure.
1. Trained and expert developers
Are the employee app's developers qualified in secure coding methods and in identifying risk vectors in web applications?
2. Pen testing
Does the employee app company run safety checks where a tester attempts to hack the device to access information? This helps to identify vulnerabilities that could be exploited by an attacker and prevent data breaches.
3. 3rd-party certification
Are the employee app's security practices certified by a reputable 3rd-party organization? Relevant standards include ISO 27001 and SOC 2.
4. Secure hosting
Where is the app's data hosted? What security measures does the host have in place?
5. Encryption
Is data encrypted using HTTPS and TLS 1.2? High-level encryption prevents hackers from being able to access data even if they are able to get into the system. Strong encryption practices are crucial for preventing data breaches and meeting industry-standard data privacy practices prescribed in contexts such as the GDPR.
6. General protection
How does the employee app protect data from hacking and reverse engineering? How is employee privacy protected from leakage and mining for unwanted advertising?
7. Password policies
Can your administrators configure password policies according to your needs? For instance, can they adjust the maximum/minimum password length and character requirements? What about password expiration and recovery options? You also don't want to compromise the user experience with passwords that expire too often and cannot be recovered through self-service.
8. Application-specific protections of company data
Device PIN codes and biometrics provide a much higher level of security. But what if your users have not enabled any of these? Can you require a specific password just for opening your employee app to mitigate these threats? And can you remotely lock down or wipe company data if a user's device were to fall into the wrong hands?
9. 3rd-party resource security
Are links to remote repositories, applications, and other APIs encrypted?
10. Parallel sessions
Can administrators set a maximum number of parallel sessions and maximum duration of inactivity?
Create a secure employee app on your terms
You don't want to be hit with data breach fines or reveal your trade secrets. Neither do your employees want their privacy compromised and their personal data exposed to spammers. Therefore, a secure employee app is a win-win for both your company and your employees.
Learn how Teamvate can help you keep your data secure and tailor your employee app's data protection policies to your specific needs.