Best Practice Update


Why Due Diligence is Important: Fake apps

We recommend completing due diligence on any third-party suppliers that you share personal data with, and doing this BEFORE purchasing, installing and using the product to share information. Our Knowledge Bank platform has a Supplier Due Diligence Best Practice area to help with this, and lists many suppliers on which we have done some generic risk assessments. Making due diligence part of your procurement process for apps means that someone is less likely to download a fake app.
Making due diligence part of your organisation's procurement procedures, so that you maintain a list of 'approved' apps and programs, helps to prevent fraud, data breaches and identity theft. If staff are unable to sign up for or download apps other than through a centrally controlled IT program, then the risk is much lower.

When the fake app is a password manager app, the risk is very high, as hackers will likely have all of the passwords to your legitimate apps. Malwarebytes Labs has recently reported that password manager LastPass has warned about a fraudulent app called 'LassPass Password manager', which it found on the Apple App Store. The app closely mimics the branding and appearance of LastPass, right down to the interface. So, even if the name was a “happy accident”, it seems clear that this was a purposeful attempt to trick users into installing the fake app. The full report: Warning from LastPass as fake app found on Apple App Store.

Fake apps represent a significant threat to your digital security and privacy. Having best practice around downloads in an organisation can help reduce the risk.

Are apps included in your third-party supplier due diligence checks, with an approved download list for your organisation?



Amazing, you have ticked off an important item on the supplier due diligence checklist and reduced your data breach risk:

For further help and guidance and access to the full checklist, please contact us.




Your organisation should have completed some due diligence on each supplier or third party that you share personal data with.  Contact your data protection lead or DPO for further advice.

Please contact us for more help and advice about data protection compliance and cyber security standards, including the full checklist and best practice.

 


Try asking the data protection lead in your organisation or your SLT digital lead, or contact your DPO:

We can provide help and guidance with data protection compliance, cyber security standards and records management, including the full checklist and best practice.
