Organizations that handle the security of sensitive data poorly are bound to lose trust—and that’s a huge risk to their survival. Data compliance regulations and the penalties of noncompliance are making companies more aware of the sensitive data they collect and share, and how they secure it.
GDPR, CCPA, and other data protection laws ensure industry-wide privacy regulations, so companies need to be more aware of what data they keep and how it’s stored. App owners need to understand the data they have on all their users. And they must communicate to the user how the data will be used, including third-party usage.
Checkbox compliance does not mean that you are holistically secure, but it is a good first step to ensure that you’re doing due diligence to protect sensitive data.
The National Institute of Standards and Technology (NIST) offers specific, security-focused guidance on how organizations can minimize their mobile app risks. Over the last few years, NIST has been updating its app-vetting recommendations to emphasize the need for security and privacy built-in by design. The NIST Privacy Framework provides recommendations and best practices on how organizations can ensure the security of mobile applications.
As business owners, app developers, and members of a security team, we can do better. Let’s practice what we preach to protect sensitive data, stay in compliance, and continue to invest in platforms and services that help secure applications, networks, and devices. It’s time to take mobile security and data privacy seriously.