Business Technology

Five ways your apps are putting you at risk

5 min read

29 June 2016

The use of both mobile and cloud applications has become increasingly common in the workplace. Where once applications were firmly in the realm of the consumer, the collaboration, flexibility and productivity boost on offer means businesses have adopted them wholeheartedly. But with great benefit, also comes great risk.

The way that we use apps means that they make for a relatively easy hack for cyber criminals. Users often have a lax approach to online hygiene – using the same password for multiple accounts, without two factor authentication.

At the same time, accidents happen, with users accidentally clicking links they shouldn’t or uploading the wrong files to the wrong place. In order to protect the company, businesses need to know what the risks are to then put solutions in place to mitigate them.

(1) Smart people do stupid things

File permissions are hard! It’s really tough to make sure that files are set-up so that people only have as much access as they need to get their jobs done. Now with so many cloud apps, there are more and more file permissions to manage. As a result, the most common reason for data being leaked is errors on the part of employees.

Organisations should build a computer incident response team, not a security operations centre

(2) Phishing

The email avalanche generally means that most business users send and receive more than 120 emails per day. Every cloud app we sign up for only increases the load and, as a result, spotting a dodgy email is harder than ever

It just takes one person in the company to click a bad link and end up sharing their credentials with a criminal, giving them access to the system.

Continue on the next page for the three remaining areas of risk you should be aware of.

Image: Shutterstock

(3) Tumbling hacks

The recent publication of LinkedIn’s breached database of usernames and passwords has set off a swathe of tumbling hacks. Tumbling hacks rely on the fact that most people reuse passwords – depending on who you ask between a half and a two-thirds of people will reuse a password across multiple cloud apps.

Once a criminal knows a username and password for one site, they can try their luck on all the other common sites. The recent LinkedIn breach has seen follow on attacks to Twitter, GitHub, and GoToMyPC.

(4) Cloud backups

Cloud storage is a fantastic way to access data across multiple devices, as well as a quick and easy backup system. But the answer to “What’s the worst that could happen?” is someone accidentally deleting the folders on the website, and this deletion syncing to every device.

Aside from accidental deletions, having all the data in one central place means that if your cloud storage account gets hacked, criminals can copy the data, delete the central source, and then hold your data to ransom.

Read more on enterprise apps:

(5) Dodgy apps

These days it’s pretty easy to make an app or a website. This means that things like those little flashlight apps for your phone can actually be doing a lot of scary stuff.

People generally don’t pay much attention to the permissions the app requires, particularly when it’s something as basic as a flashlight, and give cyber criminals access to the whole device.

Researchers recently found malware in more than a hundred apps on the Android-based Google Play store, so it’s easy to download. We instinctively trust Google, so the presence of the app on the store implies that it’s safe but it isn’t, and more vigilance is needed.

Ed Macnair is CEO at CensorNet

Inside out: How the real threat to your company’s security lies within.