Data security in Mobile Workforce
Mobile applications in fieldwork mean convenient and quick access to a range of information from a smartphone or tablet. Regardless of the device, customer data and other confidential documents must be adequately protected from unauthorized access, loss, or theft. We outline the key features and data protection practices of the Mobile Workforce.
Mobile Workforce application meets the global security requirements of OWASP (Open Web Application Security Project), a non-profit organization dedicated to popularizing best practices (Top 10 Proactive Controls) in web application security. By following these recommendations and taking advantage of the advanced security features, Mobile Workforce users can be assured that their data is safe and protected.
Here is a list of the security features implemented:
Device authentication
All mobile devices are subject to a process of verification for connection, download, and data transfer rights. Authorization blocks unauthorized people from using the app on unapproved devices. Even if they know the user’s login details, they will not be able to log into the app from an unapproved device.
PIN code security
The application can only be accessed by entering a PIN code, which may also be required when sending a report on a completed task. If the device is lost or stolen without knowledge of the PIN, unauthorized persons will not be able to access the application or the data it contains.
Two-factor authentication
Two-factor authentication (2FA) provides additional security during the login process, as in addition to the password, the user must provide an SMS code, a code generated by Google Authenticator, or use a dongle (e.g. YubiKey). Two-factor authentication protects against phishing attacks, in which hackers impersonate a legitimate website to steal login data. Even if the user enters their login details on a fake website, the hacker will not have access to the code or physical dongle, preventing them from logging into the account.
Secure communication
Data exchange between the mobile device and the server (the office component) takes place over a secure SSL (Secure Sockets Layer) channel. Encryption protects the data from eavesdropping and unauthorized reading by third parties. SSL also ensures the authenticity of the server to which the mobile device connects: the user is assured that he or she is communicating with the correct server and is not a victim of phishing or other types of cyber attacks.
Data encryption
Job data stored on the mobile device is encrypted using the AES-256 (Advanced Encryption Standard) block cipher, which provides the highest level of protection for job data on the mobile application. AES-256 is an encryption standard approved by the US government and used by the National Security Agency (NSA) to protect secret information.
Auditability
The application log records events relating to the application itself, device authorization, and communication between the mobile device and the server. Examples of the types of events recorded in the application:
- User logins and logouts.
- Adding, editing, and deleting tasks.
- Approval and rejection of reports.
- Synchronization of data with the server.
- Application errors and crashes.
- Login attempts and unauthorized access.
This information can be used to analyze activity patterns and detect potential abuse.
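The abuse detection mentioned above, as an added example that is not part of the Mobile Workforce product: the log format, the field names and the sample lines are all constructed here for illustration, and the rule flags a user/device pair that accumulates repeated denied logins inside a short window.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample audit lines in an assumed format (not the product's real log format):
# "<ISO timestamp> <event> user=<name> device=<id> result=<ok|denied>"
SAMPLE_LOG = """\
2024-03-04T08:00:01 login user=anna device=dev-101 result=ok
2024-03-04T08:02:10 task_edit user=anna device=dev-101 result=ok
2024-03-04T08:05:00 login user=bob device=dev-999 result=denied
2024-03-04T08:05:20 login user=bob device=dev-999 result=denied
2024-03-04T08:05:41 login user=bob device=dev-999 result=denied
2024-03-04T08:06:05 login user=bob device=dev-999 result=denied
2024-03-04T08:30:00 report_approve user=anna device=dev-101 result=ok
2024-03-04T09:00:00 login user=carol device=dev-202 result=denied
2024-03-04T12:00:00 login user=carol device=dev-202 result=ok
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>\w+) user=(?P<user>\S+) device=(?P<device>\S+) result=(?P<result>\w+)$"
)

def parse(log_text):
    """Parse log lines into dicts; malformed lines are skipped rather than aborting the analysis."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = m.groupdict()
        rec["ts"] = datetime.fromisoformat(rec["ts"])
        events.append(rec)
    return events

def find_brute_force(events, threshold=3, window=timedelta(minutes=5)):
    """Return (user, device) pairs with at least `threshold` denied logins inside a sliding `window`."""
    denied = defaultdict(list)
    for e in events:
        if e["event"] == "login" and e["result"] == "denied":
            denied[(e["user"], e["device"])].append(e["ts"])
    alerts = []
    for key, times in denied.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1  # slide the window start forward until it fits
            if end - start + 1 >= threshold:
                alerts.append(key)
                break
    return alerts
```

A single denied login (carol) stays below the threshold, so only the repeated attempts from the unapproved device are reported.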
Integration with Active Directory
Administrative application user accounts can be integrated with Active Directory via the LDAP protocol, which provides several benefits in terms of account management, security, compliance, and user convenience. This is particularly important for companies that already use AD to manage user accounts.
Storage and deletion of data
The business administrator and the application user can delete all data stored on the mobile device and retrieve it again. Task-related data is automatically deleted after completion and reporting (based on a configurable parameter with a retention period).
Protection of personal data under the GDPR (RODO)
The security of the personal and financial data transferred, and the adequacy of the processing, are particularly important in the context of the General Data Protection Regulation. The Mobile Workforce system complies with the General Data Protection Regulation (RODO) in the following ways:
- Users have access to the application only after correct authentication and verification of their authorizations (Article 32, recital 83). Relevant information resulting from the processing of personal data is logged. The logged data is accessible only to users with the appropriate authorizations (Article 5, Article 32, recital 83).
- Connections, data transfers, or exchanges of other information with application components are encrypted using SSL (Article 32, recital 83).
- Personal data have a defined retention period, taking into account the relationships between them, after which they are deleted or anonymized (Article 5, Article 17). An anonymization mechanism is available for this purpose from the web application and web services.
- The application shall support the anonymization of data after the restoration of the backup by providing an adequate implementation procedure and access to the anonymization mechanism (Article 4(5), Article 25, Article 32(1) and (2); recital 26, 28, 29).
- The implementation procedure supports the maintenance of effective technical and organizational measures to ensure the security of the processing of personal data (Article 32).
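The configurable retention period described under "Storage and deletion of data" and the delete-or-anonymize rule in the list above, as an added example that is not the product's own code: the task records, the field names and the personal-data field list are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample task records; the schema is assumed, not the product's real data model.
TASKS = [
    {"id": 1, "status": "reported", "reported_at": datetime(2024, 1, 10),
     "customer_name": "Jan Kowalski", "customer_phone": "+48 600 000 001", "notes": "Meter replaced"},
    {"id": 2, "status": "reported", "reported_at": datetime(2024, 3, 1),
     "customer_name": "Ewa Nowak", "customer_phone": "+48 600 000 002", "notes": "Awaiting part"},
    {"id": 3, "status": "open", "reported_at": None,
     "customer_name": "Piotr Zielinski", "customer_phone": "+48 600 000 003", "notes": "Site visit planned"},
]

# Fields treated as personal data (assumption for this example).
PERSONAL_FIELDS = ("customer_name", "customer_phone")

def anonymize(task):
    """Return a copy of the task with personal fields replaced; non-personal job data is kept."""
    out = dict(task)
    for field in PERSONAL_FIELDS:
        out[field] = "[anonymized]"
    return out

def apply_retention(tasks, now, retention_days, mode="delete"):
    """Enforce the retention period on reported tasks.

    mode="delete" drops expired tasks entirely; mode="anonymize" keeps them
    without personal data. Open tasks are never touched.
    """
    cutoff = now - timedelta(days=retention_days)
    kept = []
    for t in tasks:
        expired = (t["status"] == "reported"
                   and t["reported_at"] is not None
                   and t["reported_at"] <= cutoff)
        if not expired:
            kept.append(t)
        elif mode == "anonymize":
            kept.append(anonymize(t))
        # mode == "delete": the expired task is simply not kept
    return kept
```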
Implementing the aforementioned security features helps protect applications from a wide range of threats such as hacking, malware, and phishing. Protecting data and ensuring the security of confidential documents is critical to the reputation and success of any business.