Pay Attention to Smartphone Security

Insurance Journal's Tech Talk column is made possible in part by the generous support of ITC

Digital security concerns related to the safety of computer systems and use of the Internet are a much discussed topic in this Tech Talk column. But what about the security of smartphones?

Now the go-to communications device for most of us, smartphone risks gets less play for a reason – hacking incidents and breakdowns are infrequent. They do happen, however. And as agents rely on them to do business just as insurance buyers demand, the risks will increase.

Agents should be concerned with three security issues when it comes to smartphones. The first involves the security of the device, the second covers the app’s security and the third deals with the security of the app’s code.

“Device security is more of a matter of personal choice,” says Matt Aaron, founder of a mobile app for agents, https://goinsuranceagent.com. “Some people lock their phones, others do not. If one does not lock the device, there is the potential that any data on the device can be accessed.”

Mike Howe, senior vice president of product management at Applied Systems, stresses that in many cases, the smartphone does not store data so much as it accesses data that is stored elsewhere.

“It’s important to know the difference,” Howe says. “In our case, we are not storing and delivering information on the phone itself. There is not a database of policy or private information on the device. We are able to securely draw and transmit that information from a secure server and then render it on the phone or tablet. The data is only viewed locally – not stored locally.”

Howe says it’s important for agency management to know which staff members have access to what information through their smartphones.

“System governance is determining information access and safeguarding on who should see what,” he continues. “For example, an agency can provide access to prospect and client information for producers through a mobile app while away from the office. The agency has the option to show just client and prospect information – client policy details, contact information, documentation, recent activities – that is transferred directly from the agency management system. The intent is you want that person to be armed with the exact information that they need in that moment, removing the need to carry paper files or call back to CSRs in the office.”

With regard to security of apps, Aaron says that “if a device is locked, all apps have an additional layer of security in addition to the login an app may require. But many apps do not have a forced or timed logout because it would make accessing the app in a time of need more difficult. But logout and sign-in capabilities are there if a user wants to take advantage of the features. It all comes down to personal choice.”

The last area of concern is security and reliability of an app’s code. In other words, how can you know for sure if an app contains malicious code, whether or not it is intentional?

Apple device users trust Apple to protect them. Android users must rely on third-party software such as “Lookout” to scan the apps as they are being downloaded from the Google Play Store to provide that additional level of protection.

A serious app threat surfaced earlier this year from flashlight apps. Many versions request more personal information than necessary. One such app tries, without warning, to take control of the phone by requesting “superuser access.” Once installed, the flashlight app places shortcuts on the home screen, and when tapped, the app triggers prompts to install other apps, which was not good, experts say.

When considering an app to install, Aaron suggests doing simple research to find out the name of the developer and their physical location. If you can’t find that information, consider the app suspicious.

Topics Agencies