Why You Need To “Know” If Employees Are Using Cloud Apps
One of the biggest data loss risks that companies face today is the growing popularity and availability of cloud based applications.
These applications can be used by any of your employees and they share huge amounts of data that fly under the radar of your security team.
The danger lies in face of the fact that these cloud applications are also prime avenues for exposing sensitive or regulated data to third parties.
To make matters worse, it’s very difficult to keep cloud apps secure because of the sheer number of employees in your company using them. It’s even more difficult to detect data misuse, because it can be hidden within the huge amounts of data stored in these apps. This makes the monitoring, identifying, targeting, and flagging of specific apps crucial to keeping your company’s data safe!
To help you, below is a list of cloud apps (and reasons why they are high risk) that every organization needs to know about.
CLOUD APPS:
Skype can be a dangerous app for your employees to use because it is easy to hijack a Skype account through the user’s email address. Once a hacker has access, data is vulnerable and any account that has had previous credit purchases can be used to activate auto payments.
Your sales team may use Yammer an Enterprise Social Network service that was launched in 2008 and sold to Microsoft in 2012. Yammer is a secure, private social network. Yammer is used for private communication within organizations or between organizational members and pre-designated groups, making it an example of enterprise social software. The Vulnerability Laboratory Research team has discovered multiple critical Vulnerabilities in the Microsoft Yammer Social Network which make it vulnerable to unintended data interception.
Despite being one of the most popular cloud storage services in the world, Dropbox does not offer the same level of security as an enterprise level solution. The service is designed for personal and small business use and employees using Dropbox to store corporate documents outside of the enterprise level security could be leaving it vulnerable to more sophisticated attacks.
In March 2015, a new ransomware attack called “Pacman” was identified that uses a phishing attack and utilizes Dropbox as a delivery mechanism. It only takes one click to infect a workstation and the victim has 24 hours to pay the ransom in Bitcoin.
As a consumer based cloud storage service, Google Drive suffers from some of the same security concerns as Dropbox. Google recently announced a greater focus on cloud security in their applications, but the results of that may still be further down the road. In contrary, in November 2014, Google Drive was exploited in a sophisticated phishing attack where cyber criminals published a modified version of the legitimate Google Drive login page to steal email credentials from users.
MyPCBackup is one of the most popular backup solutions for Androids. However, this automatic backup app can be extremely dangerous for your employees who have access to sensitive materials. Firstly, if your employees access company files on a device with MyPCBackup, they may not realize a copy is being uploaded to the cloud. Secondly, the sheer amount of data being stored makes it extremely difficult to detect data misuse.
Your employees may download LogMeIn to their work Computers to make it easier to work from home or access their stations remotely. Unfortunately, LogMeIn opens them up to remote access that could potentially harm your systems. While remote access is a good way to make your workforce more efficient, it should be carefully secured and monitored by you.
Your employees use tools like Snagit to easily take screenshots or screen recordings of their work or job functions. Unfortunately, if they are using their personal Snagit account, the pictures they take on your secure work network will be accessible from their unsecure home network as well, leaving your company’s data vulnerable.
Do any of these apps looks familiar?
They should, because they are being used in your organization whether you have approved them or not!
It’s important to note that while employees may not be using these cloud apps to intentionally leak data (for the most part, anyway). They are simply using them for convenience to get work done. In the absence of “business grade” file sharing and collaboration tools, cloud apps such as these are a necessity.
The problem occurs when they are used to “conveniently” store and transfer highly sensitive data like credit card numbers, social security numbers, health records and other types of IP. From there, you’re only one weak password or lost device away from a potentially crippling data breach. These cloud apps are easy to use, but they are even easier to breach!
Of course, the initial knee jerk reaction from you and many organizations just like yours would be to discourage the use of these apps (which most do) or to block them outright. While this makes sense in theory, blocking apps sets a bad precedent and quite frankly, face it or not, it hampers productivity!
A more practical, simple and inexpensive strategy would be to implement an enterprise software such as KnowIT that provides out of the box alerts and notifications of all installed applications and the ability to monitor the digital communications across Android, iPhone, Windows & Mac.
KnowIT is a cloud based employee monitoring, productivity and attendance solution that does not require any upfront investment!
To get going in minutes visit: www.digitalendpoint.com