Apps are pretty big business which means, of course, that they’re being watched more closely by attackers than Frodo and Sam were by the Eye of Sauron. Businesses are increasingly learning that they are of interest to attackers – the hard way, in a lot of cases sadly – but what might not be as clear is where the attackers are slipping in. Tech is growing at a crazy rate, but the flip side is that so are the ways attackers can get into our systems.
Apps are mega business – I’ve got to a point where I literally have to delete all five videos of cats wearing bread on their heads every time I want to download a new one – which means that attackers are finding more devious ways of using them as an open window into a business; especially if the business doesn’t have a strong Bring Your Own Device (BYOD) policy. But October is Cyber Security Month, which means that it’s time to firmly close those windows against the storm.
Problem one is this idea of BYOD. How many of you use your personal devices for work, and vice versa? Cybersecurity firm Imperva recently asked one of its banking clients to have a guess at how many apps its staff were using; they estimated between 75 and 100 in total. WRONG, anonymous banking firm; it was nearly 800.
Next, think about the things you agree to when you download an app – you might see the shortened version (I agree to let the app access my camera, photos, location, contacts etc.), which is scary enough but how many of us actually read the fine print? It would take about 765 years to read all the small print we’re asked to read in our lives so it’s understandable (NB: not actual figure but probably close enough).
With lackadaisical BYOD strategies and so many people using the same passwords for multiple accounts, you’re often giving attackers carte blanche if they exploit a flaw in one app or even get you to download a fake one from the start.
“It’s a mission-critical problem if you don’t know which third-party apps have access to your data,” says Ryan Kalember, senior vice president of cybersecurity strategy at Proofpoint.
A perfect, terrifying storm. So, how can we protect ourselves? A lot of this comes down to educating staff on the risks, and employing good security practices. Figure out what is and isn’t okay to download to company phones. Have strong security measures in place like encryption . Stay on top of current threats (UKFast clients can sign up to our security newsletter in their MyUKFast portal for the latest news, tips and advice). Monitor your solutions and have strong, unique passwords for different accounts, otherwise you could be facing the business end of a very un’appy experience.
Make sure you know the score when it comes to security; take a look at our website for the security solutions on offer at UKFast.