Security Should Be Your #1 Priority in a Timesheet System
10 second intro
- Mobile apps are a security risk
- Corporate data including customer, employee, rate and project lists are at risk
- We explain how and why corporate data is at risk
- We explain what to do to avoid the risks
Secure Timesheet? Isn’t Every System Secure?
The simple answer is No.
Most software systems focus on functionality and ease of use, not security. This is a big problem, as security is not something you can just add on: the system needs to be designed with a security-first approach from the get-go.
Do you need a Mobile App?
For most customers, the simple answer is Yes as the ease of use and accessibility is something their employees want. But did you know mobile apps are a security risk?
Why Downloaded Mobile Apps are Insecure
Downloaded mobile apps store data on mobile devices. If the device is ever lost or stolen, corporate data could be compromised. The first line of defense is the security of the person’s phone password, but many employees use personal phones with weak security, which means corporate data security is also weak. A common solution is to provide employees with company phones, but this increases costs dramatically, by much more than a truly secure system would cost. In any case, there are still more risks with mobile phones.
Scary Fact: Mobile apps are vulnerable to hackers and security breaches
Research by Arxan, experts in mobile security, found that it took less than 10 minutes to hack into the top 30 financial sector apps, and they discovered 180 vulnerabilities, demonstrating the vulnerabilities exposed by downloadable mobile apps.
Another report found “insecure data storage is the most common security issue in 76% of mobile apps”.
Importantly, hackers seldom need physical access to a smartphone to steal data: 89% of vulnerabilities can be exploited using malware. With mobile apps exposed to high levels of security vulnerability, corporate data is at considerable risk. Added to this, when Android and iPhone apps store data on phones, that can translate to the very definition of a mobile security lapse.
IT departments dedicate a considerable portion of their budgets to security and, in high-security environments, provide secure mobile devices to employees. However, it is common for employees to use their own mobile phones connected to business apps. In these environments, mobile devices provide a ‘back door’ and create a weak link in the organization’s security, as the security of mobile devices is set by the employees who own them. Employees set the passcodes on their phones, choose the apps (and possibly malware) they download, and, if the phone is lost or stolen, may not report it to IT security.
This puts all the data used by corporate systems that use phone apps at risk, and if your timesheet solution uses a mobile app, it is putting your organization’s customer data at risk.
So what’s the answer? Can secure timesheets for mobile be made?
The good news is Yes, but it needs a different approach.
The answer is to look at what is acceptable to Corporate IT security for desktop software.
For corporate desktop computing, cloud software is the most prevalent today. Cloud software is recognized as being more secure, more resilient, and requiring less IT support than locally installed apps – especially when new versions need to be rolled out to users. In fact, applications that are downloaded and installed on desktop PCs or Macs are now viewed as out-of-date and high maintenance, and are rarely acceptable to IT departments anymore.
So why then are mobile apps downloaded for mobile phones and tablets when this same approach on the desktop is viewed as out of date?
“It has become second nature to just ask if there is a (mobile) app,” explains Timewatch CEO Graeme Wright. “Few if any IT departments would let employees download and install desktop applications on unprotected personal computers, the risks are too great. Employees use work PCs that are secured by the company’s network, and the IT department manages installed applications, but many use Cloud software. Cloud software is recognized as secure and there are various ISO & SOC2 standards through which security can be demonstrated. When we point out that using this exact same approach for mobile connectivity ensures the same level of security as desktop apps, it is quite often a light bulb moment.”
So why do companies develop mobile apps if they are insecure?
“That’s an excellent question,” says Wright. “There are a few likely reasons. The first is that the public is used to downloading apps for their phones. It’s easier for developers to deliver solutions in a familiar way. Once a product is developed for devices, it’s impossible to change it to be cloud-based, it needs a complete rewrite, and that’s expensive. Another reason could be marketing – mobile apps are sold via phone stores and suppliers like the exposure these stores provide. Additionally, it is much harder and more costly to develop a secure browser app that works with all mobile browsers. These combined give compelling reasons for developers to take the downloadable app approach rather than the secure mobile cloud app approach.”
Why did Timewatch create a secure browser timesheet app?
“A downloadable app just didn’t sit right with us. Computing has swung back and forth between centralized processing and distributed processing a few times over the years. It seemed a first-generation concept to go back to distributed processing on mobile devices rather than the centralized cloud server approach that was becoming more and more prevalent when the smartphone emerged. So we engaged with our customers. Interestingly, few customers raised security as a requirement, they were all so focussed on having mobile functionality, but when we asked if they would compromise security there was a resounding no! So we prototyped both approaches, and could immediately see the security benefits of the responsive app approach, so that is the direction we took.”
Secure Timesheet – The Right Approach?
For mobile, the cloud can be just the same as it is for PCs and Macs – browser based. Most apps need access to the web to work anyway, and many personal systems such as Facebook, Netflix, Twitter, Gmail etc. all run in the mobile browser. Mobile business software solutions that run in a browser make good sense. They are inherently more secure. They are easier to manage as there is nothing to download and install, no updates or security patches for the IT team to manage, no data stored on the mobile device, no risk if the device is lost or stolen, and nothing to hack.
Our PC and Mobile applications are cloud-based browser applications.
There is nothing installed on devices, so no data to compromise.
Although technically a downloaded app is very different to a cloud app, the front end design concept is no different. The software needs to be designed specifically for touch sensitive, smaller screen size and reduced data usage that mobile devices demand. In web design, this is called ‘responsive’ design.
A responsive cloud-based timesheet meets all requirements: it delivers all the timesheet functionality users need on their mobile, it has all the same benefits as desktop cloud software, and of course it avoids the security risks of mobile apps.
“There is just no need to risk corporate data by using downloaded Apps,” says Wright. “With a well-designed mobile web app like Timewatch®, and the speed of phones on 4G, 5G, why risk mobile security by using downloaded and installed apps? Use a Cloud app, just like you would on a PC or laptop.”
“A personal phone may be the biggest risk to a company’s security,” explains Wright. “The Cloud affords better security with end-to-end encryption, and data storage is unquestionably safer in the Cloud than on a private individual’s phone. With our mobile web apps, if anyone loses their phone, there is no data loss as there is nothing stored on your phone. All corporate data is safe and sound in the Cloud.”
1. Arxan, Feb 5, 2020. Financial Mobile App Vulnerability FAQs (Now Digital AI, original document no longer available)
2. Positive Technologies, June 19, 2019. Vulnerabilities and threats in mobile applications, 2019
3. ZDNet, June 20, 2019. Three quarters of mobile apps have this security vulnerability that could put your personal data at risk
4. TECH Exactly, June 2021. 10 Steps on How to Build a Successful Employee Mobile App
Timesheet app security and mobile app security
Timewatch’s OutlookTime is one of the best timesheet systems as it provides the highest level of desktop and mobile app security. Whereas downloadable apps store data locally, OutlookTime is cloud-based. With no data stored on the phone or tablet, it offers the highest level of timesheet app security.