According to Forbes, 92% of all online retail apps “are actively leaking sensitive customer information.” The popular purchasing app, BuyVia, was recently found to have 15 vulnerabilities, transforming it into a prime target for cyber criminals. Since this discovery surfaced, the app has disappeared from the Google Play Store.

It’s not just retail apps that are deployed despite shoddy security features; apps designed with travelers in mind rank in second place when it comes to inadequate app protections. Forbes reports that two-thirds of travel apps may unintentionally expose sensitive information to prying eyes. At the root of many of these app security issues is a lack of encryption. Among the 250 most popular mobile apps, weak encryption riddles 45% of them.

Companies that mandate a Bring Your Own Device (BYOD) policy are at the greatest risk. Workers then retain enterprise-owned data on the same device where they freely download the coolest (and perhaps not the most secure) app of the day, or apps that blend work and pleasure, such as travel apps.

To help mitigate a catastrophic corporate data breach, if your organization has a BYOD policy, remind employees to take these three simple steps.

  1. Tell employees to research apps prior to downloading them. A scan of Google results may toss up red flags indicating that an app has previously compromised personal or enterprise data privacy.
  2. Recommend that employees delete unused apps. Many apps do not see use beyond a few months, but these very same apps may continue to extract sensitive information from a person’s phone.
  3. Suggest that employees block advertisers from tracking their phones. The general public can easily download ad-tracking blockers from the app store.

For more tips that can assist you in keeping your mobile data and your employee’s mobile data secure, visit The Wall Street Journal.