Everyone loves getting something for free, and in the mobile space, free apps have exploded in popularity. According to a recent survey, 93 percent of the apps made by Android developers are free.
Of course, free is a relative term. More accurately, many apps are freemiums — free to play, but monetized with ads — with an ad-free version available for a fee.
Sounds great. Is there a catch? Michael Sanchez, SMB security marketing manager for Cisco Systems, thinks so.
He recently wrote a post for the Cisco Small Business blog, pointing out that free apps often come with privacy and security risks. In his post, Sanchez outlines three steps IT workers can take to make them more secure.
The first step is education. Make sure employees are aware of the possible risks posed by free apps and understand how to spot potentially malicious software. Teach employees to avoid downloading free apps as much as possible; and, when it’s not, to ask what’s the intent of the app and how does it profit the creator. Some apps truly are free and harmless. But if you can’t tell how the developer is making money from it, it’s best not to download. Also, encourage employees to check out an app’s reviews before downloading it, if only to make sure they’re not among the first 1,000 test subjects.
The second step is to install security software on employees’ smartphones (or to require they install it in order to connect to your network) that will help protect against mobile malware and viruses. For instance, install a monitoring tool like Lookout Mobile Security that checks apps for viruses and possible privacy and security issues. A monitoring tool may also look for apps running in the background and abnormal activity.
The third step is to use web and content filtering technologies, such as those in the Cisco ASA 5500 Series Adaptive Security Appliances, on your network. A security appliance like the ASA 5500 Series is generally chosen to protect the local network, but it also provides an indirect yet effective way of guarding against security threats that might come through or to the employees’ personal devices. Filters can block users on personal devices from visiting known malicious sites as well as block undesired or malicious types of content from your network and to the device. Consider also separating your network into virtual LANs (VLANs), so different types of traffic or access are isolated from other types of traffic.
The proliferation of free apps in the enterprise is a risk that more companies will face as bring your own device policies gain in popularity. As with most things related to IT security, user education is key.