Consumer Grade Apps Are A Business Security Risk

• Content
• News
• Consumer Grade Apps Are A Business Security Risk

13 February 2019 | Updated 19 February 2019

32% of organisations use consumer grade Apps such as WhatsApp, SMS and Skype for business communications. Over two thirds use these Apps regularly every day and over a third use the Apps to discuss sensitive and confidential topics.

An Armour Communications survey highlighted this alarming lack of awareness around mobile following its Mobile Communications Survey which also asked respondents to select from a list of different well known technologies, hacks and viruses which could be used to target mobile phones - nearly half (44%) answered incorrectly.

David Holman, a director at Armour Comms said: “We see stories in the press on a regular basis about data leakage, and sensitive customer data that is hacked by criminals. yet, for most organisations managing how their staff are using their mobile phones remains a challenge.

"Consumer grade Apps, where the user has little control of what happens to their data, are often downloaded and used within organisations for sharing sensitive information, almost by stealth because the IT/security department has no visibility of the Apps being used.”

Risks

While viruses and malware on mobile phones are rare, tools for eavesdropping, such as IMSI catchers are increasingly within the reach of criminals that want to spy on others.

Accordingly to the latest research by Ponemon, organisations have a nearly 28% chance of having a data breach in the next two years.

In another report, social engineering is involved in over 90% of data breaches, where people are tricked into doing something, like clicking a link or providing data, to someone impersonating someone else.

Wi-Fi

Another pitfall for the unwary mobile user is Wi-Fi which is often not as secure as people assume.

All of these type of attacks are particularly easy to do with mobile phones where standard network encryption can be poor to non-existent, due to outdated infrastructure that is in parts over 40 years old and probably no longer fit for purpose. This makes interception of mobile calls and messages much easier than it should be - and the user would be totally unaware until it was too late.

“In our experience, end-users don’t deliberately put data at risk. They simply want to get on with their work - and extra security can cause an issue. The survey results highlight that many organisations are unaware of the pitfalls of using consumer grade Apps for sensitive corporate information, whether that is intellectual property and trade secrets, customer information or details of commercial transactions,” concluded Armour's Holman.

Picture: One third of businesses allow employees to use consumer Apps to discuss sensitive and confidential business matters.

Article written by Brian Shillibeer | Published 13 February 2019

Share

Related Articles