Businesses are lapping up mobile and cloud applications faster than iPads get snapped up at an Apple flash sale. Buoyed by seeing the impact applications have had on the lives of consumers, businesses are keen to benefit from the collaboration, flexibility and productivity boost applications bring. But they come with a serious risk warning.
For a start, the way we use applications makes them an easy hack for cyber criminals. Users can sometimes have a lax approach to online hygiene – using the same password for multiple accounts and not using more sophisticated authentication methods can put app security at risk. At the same time, accidents happen, with users clicking links they shouldn’t or uploading the wrong files to the wrong place. In order to protect the company, businesses need to know what the risks are before putting solutions in place to mitigate them.
1. Smart people do stupid things
File permissions are hard! It’s really tough to make sure that files are set up so that people only have as much access as they need to get their jobs done. Now with so many cloud applications, there are more and more file permissions to manage. As a result, the most common reason for data being leaked is errors by employees.[1]
2. Phishing
The email avalanche generally means that most business users send and receive more than 120 emails per day.[2] Every cloud application we sign up for only increases the load and, as a result, spotting a dodgy email is harder than ever. It just takes one person in the company to click a bad link and end up sharing their credentials with a cyber criminal, giving them access to the system.
3. Tumbling hacks
The recent publication of LinkedIn’s breached database of usernames and passwords has set off a swathe of tumbling hacks. Tumbling hacks rely on the fact that most people reuse passwords – depending on who you ask, between a half and two thirds of people will reuse a password across multiple cloud applications. Once a criminal knows a username and password for one site, they can try their luck on all the other common sites. The recent LinkedIn breach has seen follow-on attacks on Twitter, GitHub and GoToMyPC.
4. Cloud backups
Cloud storage is a fantastic way to access data across multiple devices, as well as a quick and easy backup system. But the answer to “What’s the worst that could happen?” is someone accidentally deleting the folders on the website, and this deletion syncing to every device. Aside from accidental deletions, having all the data in one central place means that if your cloud storage account gets hacked, criminals can copy the data, delete the central source and then hold your data to ransom.
5. Dodgy apps
These days it’s pretty easy to make an app or a website. This means that things like those little flashlight apps for your phone can actually be doing a lot of scary stuff. People generally don’t pay much attention to the permissions an app requires, particularly when it’s something as basic as a flashlight, and so give cyber criminals access to the whole device. Researchers recently found malware in more than a hundred apps on the Android Play store, so a malicious app is easy to download. We instinctively trust Google, so the presence of the app on the store implies that it’s safe, but it isn’t, and more vigilance is needed.
Much of what organizations can do to make their use of apps less risky is just common sense. Making users more aware of the risks, educating and training employees on good habits and how to eradicate the bad ones, iron-clad authentication – these are all tactics that form part of a good security strategy. You’ll never be risk free – but there are myriad things you can do to really improve your chances.
[1] Based on the Verizon Data Breach In Review (DBIR) 2016 report, Miscellaneous Errors was associated with the largest number of data breaches, contributing roughly 18% of breaches.
[2] In 2015, users sent and received 122 business emails per day on average, according to the Radicati 2015 Email Statistics Report.