

Timesheets hold sensitive corporate and customer data, and
Timesheets hold data that can be sensitive, including customer details, time spent and details of work done, and in some cases the internal cost and recharge rates involved. Aside from the legal and ethical issues, poor timesheet data security risks severe loss of goodwill and potentially loss of revenue. Although it is important for all corporate data to be kept secure, timesheet data and the security of timesheet systems is often overlooked.
One of the weakest aspects of timesheet security is mobile apps. Research estimates that nearly 80% of mobile apps have been hacked, indicating it is time to consider the security risks of mobile devices and take steps to ensure secure timesheet entry.
Although security in cloud software is extensive with SSL, SSO, data encryption, various standards and penetration testing commonplace, these security mechanisms and standards do not extend to mobile apps which are most installed on personal phones. Mobile apps often store data on the local device to support offline use and speed up online performance. However, this puts corporate data outside of the reach of the corporate security network, and if the phone is lost or stolen, sensitive corporate data is at risk.
In the desktop environment, the concept of downloading an application to use locally is recognized as a security risk and now rarely used. In contrast cloud software is recognized as more secure as no application or data is downloaded, everything runs off of secure servers in the cloud. So why do mobile apps use a methodology that is seen as somewhat archaic and a security risk in the desktop world?
Ease of use and price are most commonly cited as the highest considerations when researching timesheet solutions, and certainly it is cheaper and easier to create a mobile app. A better approach for a secure mobile timesheet is to use the exact same architecture as is used for desktop – a secure web application with SSL, SSO, data encryption etc. This is the approach recommended by independent security experts, and the approach Timewatch utilize for mobile applications.