MOBSTR provides peace of mind to leading charity Brainkind
Hybrid working is the new normal in many organisations. Nearly three-quarters (72%) of UK employers now offer total flexibility in where their employees work. However, a more flexible workforce is not necessarily a more secure one, as Brainkind’s Director of Digital discovered. He found that employees were using unvetted clinical applications on both work and personal devices, potentially putting patient data at risk.
Fortunately, MOBSTR provided the peace of mind that any mobile apps used by the charity pose no security risk to the organisation.
Mobile devices are a potentially serious security risk for organisations of all sizes, and they represent a growing attack surface that many IT leaders are only just coming to terms with. Malicious or unsanctioned applications are particularly dangerous. Some are legitimate applications containing vulnerabilities that threat actors can exploit. Others are legitimate-looking apps in which malicious developers have hidden malware. The result could be data theft, digital extortion or worse.
Google claims to have prevented 2.28 million policy-violating apps from being published on Google Play in 2023. But many more sneak through. And sometimes users download apps from unofficial sources.
The Director of Digital was keen to gain more visibility into his organisation’s mobile app estate, across the 63 users in the company.
“What really triggered a need to understand our apps was the discovery of a significant number of clinical apps being used on both mobiles and tablets on work and personal devices within the organisation,” he explains. “Mobile apps were being used without any kind of qualification, verification, or testing, especially from a security perspective.”
Keen to vet these apps for any security risks, the Director of Digital reached out to security partner Vambrace, which recommended a new mobile security assessment and ratings platform: MOBSTR. The SaaS-based offering uses AI and sophisticated reverse engineering techniques to scan for vulnerabilities, privacy issues, malware and other risks—as well as providing 24/7 monitoring and alerts.
Suitably impressed, the Director of Digital signed up as an early adopter.
“Deployment was seamless and the product is very easy to use,” he explains. “Training on the platform was second to none, with constant feedback from MOBSTR and the technical staff about ongoing usage and how to get the best out of the service.”
The decision to deploy MOBSTR immediately paid dividends. After scanning the clinical apps that employees were using, one was highlighted as a high risk due to a vulnerability which could have been exploited to exfiltrate health data.
“Immediate steps were taken to lock down and block the app, and we subsequently ensured our BYOD policy was brought up to date,” the Director of Digital continues. “We enforced the removal of untested or unapproved apps from work mobile devices and ensured they are not accessible for use in our organisation on personal devices.”
The end result means Brainkind can ensure its employees are able to deliver the best possible care to patients, without worrying about cybersecurity risks.
“Having worked on our cybersecurity posture for the past three years, MOBSTR gives us the peace of mind that mobile apps cannot compromise our internal networks,” the Director of Digital concludes.
The relationship with Vambrace continues to grow, with MOBSTR having been recommended across the NHS Trust as an essential tool in reducing the mobile attack surface.