Personal life and professional work are getting more and more intertwined. Keeping a balance between these two sides has become a daily challenge. With the rising adoption of a Bring Your Own Device (BYOD) policy in companies – which allows employees to work from their personal devices (PCs, smartphones, and tablets) – common consumer applications have inevitably found their way into the corporate world.
But the phenomenon goes beyond this situation: as a Symantec Report stated, 25% of employees use consumer apps of their choice to fill the functionality gap of apps provided by the IT department in their enterprise. Reasons for this ‘pro-sumerization’ of consumer apps are numerous: employees are more familiar with them, they are convenient, free, accessible from any device, and they enable users to work from home. However, uncontrolled use of consumer apps can be extremely detrimental to the business.
Here are five widely used apps and the security and privacy risks they can pose when used in the workplace.
Dropbox: Lack of Security in Transit
Dropbox is one of the most commonly used consumer apps for file sharing and collaboration. However, there is an inherent security risk in using it for corporate purposes. Dropbox encrypts data when stored on its servers, but it does not provide protection for documents when in transit or when shared outside of the service. Files can be stolen and easily read by a third party using man-in-the-middle attacks. The attacker is able to siphon off all synced data in a user’s account without the user ever being aware. If employees are using Dropbox for work purposes, the attacker will automatically have access to this corporate information, and the resulting data loss is undetectable by the business.
Google Apps: Data Sovereignty Concerns
Today, organisations must know where their data is being stored to ensure compliance with data sovereignty laws. In some countries, and for some specific industries, regulations can dictate that information be stored in a specific country, and can prohibit it from being disclosed or stored overseas to avoid potential security and privacy issues. Companies that do not comply with these rules can be subject to regulatory fines or loss of revenues as contracts are cancelled. It is imperative that organisations take precautions to ensure that this principle is respected and that their employees do not put information in applications that would breach these data sovereignty rules. For example, cloud services such as Google Apps have a large part of their data stored in the US, and a consumer account used by an employee may not have its data stored in the appropriate jurisdiction.
Skype: Worm/Trojan Attacks
Skype is one of the leaders in voice communication software. It is often used for both personal and professional reasons. However, Skype is vulnerable to malware which can threaten a user’s privacy. Several worms and trojan horses, already detected by the Skype community, can infect a user’s system and create backdoors to all Skype audio traffic, grant access to webcams, monitor Skype chat conversations, detect user location and intercept any file sent over the network. If you use your personal Skype account for professional purposes, remember that you may be disclosing sensitive information that can be recorded by malicious outsiders.
Facebook: Social Engineering Scams
Using a personal Facebook account – or similar social media sites – while at work can be tempting. However, attackers will always target points of weakness, and employees are more likely to be distracted and an easy target for social engineering when using these sites. Facebook users can be tricked by social engineering attacks such as phishing attempts to obtain passwords or other personal information. Such information can be used to launch attacks against the user’s company. A malicious link can also serve as an entry point for malware to enter and spread through the social media account and monitor it remotely.
WhatsApp: Lack of Enterprise Recording
WhatsApp is increasingly used for business purposes as a very convenient communication tool. Although WhatsApp now provides end-to-end encryption to ensure that messages sent between users cannot be read, the problem from a corporate point of view is that the communications sent over WhatsApp are not recorded. Also, once a message is sent, it is out of the user’s control and cannot be retrieved. This means that WhatsApp and other messaging apps are not approved channels for business, and putting corporate information on them causes compliance headaches for companies, particularly in regulated industries such as financial services.
One solution can be found in using a data-centric security approach. When the security is applied to the data itself, whether it be documents, VoIP or chat messages, it doesn’t matter which application is used to transmit that data, because wherever the data goes, the security travels with it.
Companies that invest in data-centric security solutions could allow employees the continued use of their preferred consumer applications in the enterprise, while maintaining protection of corporate data and compliance with corporate and regulatory requirements.
If you would like to learn more about APrivacy’s data-centric approach to security, please get in touch.
Digital Security Perfected – APrivacy Ltd. is an award-winning company which combines military-grade data security with a seamless user experience on any platform, any device, anywhere. APrivacy Ltd.’s enabling technology now allows the financial services industry to confidently communicate with clients using their favourite channels leading to increased revenues and reduced costs while meeting the strictest regulatory requirements.