September 19, 2017

Phony Android apps threaten Financial Services

Wallet, keys, phone – this trio of essentials goes everywhere with us: dog walking, shopping, down the pub and of course to work. But out of these three it’s the mobile phone that’s making the biggest inroads into our lives and as a result into the world of crime. With a surge in the number of people using mobile banking and connecting their mobile to access corporate systems, hackers are increasingly turning their attention to mobile devices and finding new ways to tap into the sensitive data they hold.

Google’s Android operating system has been the victim of the most recent scare. Researchers at Bluebox Security found that hackers could create a fake identification code which allows them to pose as an existing, reputable app and access user information. This places online banking, work email and other data at risk, and raises questions as to how employers can or should manage their employees’ mobile usage – especially as many people use the same mobile phone for work and leisure.

Google has since released an open source patch, provided its Android device partners with a fix and scanned all apps submitted to Google Play. But it’s only a matter of time before yet another security threat hits the headlines. You may recall that US retailer Target was recently hit by one of the biggest data breaches in history. Half a million sites were also affected by the Heartbleed bug, one of the biggest security issues to have faced the internet to date. The government’s recent $680 million investment in cyber security demonstrates just how seriously they are taking the issue.

FCA registered companies in particular need to ensure they are doing everything within their powers to protect their data and follow the regulatory requirements set by the FCA. This means having robust data protection processes that not only prevent hackers from stealing data but also those that inhibit virus and malware infection. Failure to do so can seriously compromise brand reputation and lead to hefty fines.

Of course, no company has an impenetrable system and despite your best efforts to keep your IT system clean the hackers find new innovative ways to get in. As we have seen in the past this may mean shutting a system down while you investigate an attack or trying to repair infected or corrupted data. All of which takes time and can seriously affect business continuity. However, downtime can be dramatically reduced and data loss avoided when companies take precautionary measures such as:

  1. Using continuous backups during the day with the ability to go back to restore systems in time slices, so that a clean data set can be restored from pre-attack data
  2. Having an effective disaster recovery solution that can be invoked quickly in the event of a full system shutdown
  3. For those using virtual networks, where data corruption can be replicated around the system, ensuring that there is a vigorous backup and disaster recovery regime

Contact us for advice on protecting your data. You can also download our white paper on FCA Data Compliance.

For a FREE assesment of your data protection and business continuity please call 0800 45 44 35.