With the increasing use of mobile devices in the real-estate industry, there is a heightened risk of data breaches that can cause wholesale disruption of an organization's ability to function and may even prove crippling to smaller businesses. But while security professionals are largely focused on combating malware, there's good evidence that the greater threat to real-estate enterprises comes from another source altogether - leaky apps.
We recently examined 100 popular apps in a variety of categories, testing them for man-in-the-middle and SSL attack vulnerabilities, whether they stored passwords and other sensitive data in their memory, and other common security concerns. Our study found that 60% of apps received a "High" risk rating in one or more categories. None of these were apps anyone would normally consider dangerous or risky - typically even their creators were unaware of the vulnerabilities built in to their apps.
Apps are a booming business and in the rush to compete, security testing often takes a backseat to speed-to-market. With consumers mostly unaware of the security issues any app might present - and without a watchdog body to help make them more aware - app developers are under no real pressure to make sure their products are secure before release.
The danger is that one unsecured app on a single employee's phone can act as a gateway to loss of your company's financial information and customer data. Property managers, brokers, title agents, developers and appraisers could have large amounts of sensitive third-party information on their devices, which makes them a rich target for attackers. In a 2012 study of 56 companies, the companies were found to average 1.8 attacks per week per company, and 80% of data breaches happened to enterprises that did not rely on the internet as a core part of its business.
It's key to remember that whatever information your company's employees can access from their tablet or smart phone is also potentially accessible to the bad guys. Ignoring the dangers leaky apps represent means exposing your company to loss of data, loss of customer trust, violation of regulatory statutes, and ultimately, loss of revenue. The average cost of remediating a successful attack is $8.3 million - a number that is projected to rise 10% by 2016.
The good news is that there are steps you can take to protect your organization by proactively assuming a defensive posture. The real key is visibility. Mobile devices and apps should be proactively monitored to make sure they are updated with the latest operating systems and versions. You need to know how sensitive information is being stored and accessed, and where it is being sent. You need to be able look for patterns of behavior and anomalies that may indicate suspicious activity.
Allowing employees to utilize mobile devices can provide greater flexibility, increased productivity and better employee morale. Smartphones and tables have become indispensible for agents and others often on the go for much of their day rather than seated behind a desk. But for all the advantages these devices bring, they also come with unique risks that require new security strategies. Real estate professionals need to know the very real threats associated with leaky apps and take proactive steps to mitigate those risks.
 The CEO and Co-founder of viaForensics (www.viaforensics.com) Andrew Hoog is a computer scientist and mobile forensics researcher. He has two patents pending, and is the author of two books on mobile forensics and security. |
