In the wake of recent high profile breaches from established organisations including Lloyds, Yahoo and Tesco Bank, we have become more aware of the privacy issues surrounding information. Today, our behaviour mirrors this knowledge, but more importantly, are businesses responding appropriately in terms of application security?
Fear surrounding the collection and security of data in personal apps – including social media, messaging services and banking applications – ranked highly. Some 48 per cent of respondents are wary about collection of personal data by Facebook, with 58 per cent viewing the social network as the number one target for hackers.
Whilst 83 per cent worried about financial data being hacked, one in four admitted to not checking security measures before downloading apps. This negligence extends to apps directly involved in financial transactions, with 12 per cent admitting that they do not check banking apps and ten per cent shopping apps for security measures.
Blame for this negligence cannot be placed solely on poor practice from consumers. Of course, many need to take proactive steps to understand how data is being used and how to ensure their own online safety, but changes to apps fall firmly at the door of the organisations that create them.
We must address the following to start changing attitudes surrounding application security:
Make security transparent and intuitive
Businesses creating apps should be responsible for ensuring best practice by their users. This begins by making security intuitive and transparent. It’s no surprise that many people neglect to check security measures when they are buried deep in pages of terms and conditions.
By informing consumers about application security in a digestible way at the point of download, they will have a clear understanding of how their data will be used. This can help mitigate security fears and build trust.
Bake continuous education into everything
Education is key to keeping security front of mind and ensuring best practice doesn’t become dated. With a vast proportion of cyberattacks facilitated by human error, businesses and consumers must be aware the threat landscape is evolving.
Providing a quick security test before a potential user is permitted to download an app, an occasional security reminder pop-up, and rigorous password conditions can all improve awareness of online risks, and lead to users taking proactive steps to better protect themselves online.
Create a work app balance
Applications are now widespread in the workplace thanks to the growing popularity of tools such as Slack, Wunderlist and Google Drive. Our research revealed similar levels of negligence in the workplace, but the consequences for businesses can be catastrophic.
A third of consumers we surveyed admitted their employer does not authenticate new downloads made on devices used for work, meaning no security process exists to stop employees downloading a compromised app that could put business data at risk.
Password security is another key area of concern with almost a quarter of respondents stating that it is not compulsory at work to change their password. Organisations cannot underestimate the importance of robust information security policies, strong and regularly changed passwords, rigorous access management policies and two-factor authentication to help to add an extra layer of security. A more vigilant attitude towards security needs to be adopted as the application landscape continues to expand into every corner of our lives.
The growing concerns revealed in the study demonstrate that consumers are no longer in the dark about cyber security risks, but there is still more that can be done to ensure best practice is consistently carried out.
Tristan Liverpool is director of systems engineering at F5 Networks
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.