How Popular apps with a dark side may open the doors of destruction for your organization before you have had a chance to even grab your morning coffee.
I did not want to be so dramatic, but I could not help but be completely honest as well. The end possibility is that your entire organization may suffer the fate of Sony Pictures, target, Anthem and others who have been shaken by hacks and vulnerabilities in their networks. In some cases it has been analyzed that hackers sat in for months stealing data, until they chose to tell everyone about their presence. That's probably one of the reasons that websites like WikiLeaks are constantly able to churn our documents after document that is exposing one thing or the other.
Without supporting any of these and staying neutral, enterprise IT does face a daunting task of protecting the fort from everything and out there. It's not that Enterprise IT is not doing their job. The fact remains that end users within organizations are causing a huge disruption by adding consumer level apps to their work life.
With the advent of BYOD and a harmless Wi-Fi connection to your work internet, is all that is needed once I show you how hacks are happening.
Document Sharing Applications
Consumer grade application such as Google Drive, Microsoft Sky Drive. Box.net, Dropbox and others are amazing applications. You get a tremendous amount of storage space online, they integrate with your android or apple phones and essentially provide a high level of convenience, for the consumer. In the business environment, they open up a loophole that's an IT department's nightmare. Apps like drop box within an enterprise keep a door open for anyone that a document has been shared with. Once employees leave the organization they may still have access to the links, which even if encrypted would render them useless for other users.
On the other hand consumer EFSS (Enterprise File Sync & Share) applications like Box are vulnerable due to its ability of not being secure. Yes, the right encryption at multiple levels may reduce the impact. The same goes for Google Drive and others. Mind you we have still not discussed anything about a Private or Public cloud. The public cloud framework is excellent, but may not work where you are hesitant to share documents on a server which is not private. Overall document management, EFSS and consumer grade solutions pose the highest risk for any organization.
The problem is also that multiple users will create accounts and use different solutions, so its not uncommon to see users within departments uploading documents on multiple file sharing websites.
Social applications such as Facebook, Twitter and WhatsApp are changing the way we communicate. I use all three for different things and I can't get enough from all of them. Although highly useful, many of such applications may pose a risk to your organizations security in many ways.
For social media users it's more a matter of policy and to be able to get users to follow protocol when in their corporate environment. Twitter & WhatsApp are apps that need more of IT usage policy and governance for sharing links, documents and other enterprise digital assets. Of course add on applications on Facebook may not offer the highest level of security and in fact may be a loophole for spammers and malware cybercriminals to get into your organization and take away from the productive time your employee could have.
The effects of malware on employee productivity are highlighted in the Ponemon Institutes Research Report mentions that Phishing Scams can cost an average organization as much as $3.7 million in lost productivity time.
Games are addictive and I personally don't believe that we should stop playing them. We do need to put some careful attention into being selective with the games we download. Here is an example. While angry birds may have been one of the most popular games of all times, a Chinese version of the game has been reportedly infected with the XcodeGhost Malware. Some of the other games on the Apple China store includes over 25 more games and apps that have been compromised by the malware. This is just one incident where a vendor took responsibility.
There could be many more examples that we don't even know about yet. Using any affected app on a smartphone or device that is being used in the enterprise environment opens the doors to malware spreading to other machines and devices. The potential threats could be opening up of ports, time activated viruses or opening the doors for cybercriminals to sneak in.
Where to go from Here
Determining and securing all risks to the Enterprise at an IT level is a challenging task. This is constantly being made more difficult through decisions and vulnerabilities that employees are making, most of the times in all good faith, but without the right information. Unfortunate the cost of such actions sometimes costs us millions of dollars in undoing the damage.
For IT managers it's a challenging time ahead as our technology mix evolves to be more complex and for users a time to reflect upon what they use and why. There is definitely an ever growing need to end users and policy makers to work together and collaborate for a more stable and stronger organization.