Businesses are reminded to ensure that all apps they deploy which access critical data comply with their security policies. Taking these measures enables business teams and leaders to use these apps to monitor market or consumer behaviour and make informed decisions, while protecting data from leakage or unauthorised access.
As businesses come under pressure to deploy in-house and third-party apps quickly to remain competitive, it may be tempting to loosen or bypass security policies. However, doing so may compromise data protection measures and breach compliance rules.
Where existing policies do not cover usage of sensitive data by new apps, businesses should immediately extend their policies to address this omission. Apps should not be used until they satisfy the risk management and other compliance requirements of the extended policy.
Apps that potentially access business data include email clients (computer programs such as Microsoft Outlook or Mozilla Thunderbird that enable users to access and manage their emails), tools for syncing data across devices, and apps for reading files such as PDFs on smartphones.
Ensure security regime covers Bring Your Own Device policies
Enabling employees to access and manipulate work-related information on their personal devices can also deliver productivity and usability benefits. However, this access may increase the risk of a vulnerable app or device accessing sensitive data and giving malicious individuals an opportunity to steal or misuse this information. This increased risk needs to be carefully considered and appropriately managed. For example, many ‘bring your own device’ policies require employees to run an approved anti-virus product on their smartphone, tablet or laptop.
Be wary of overseas data transfer
Another consideration when using apps to view and manipulate business-critical data is that this information may be moved to data centres overseas. Many apps use offshore or privately held servers to perform computations. For many businesses, this may breach data ownership and security policies. If your business has policies that limit the transfer of information overseas, you would need to research and approve any app that accesses your data before clearing it for use. Many apps do not specifically state where they process the company information they use.
