Who has your data?

img_2014-09-18_Who-has-your-dataSECURITY

We’ve talked quite a bit about how vulnerable the browser is, especially if you connect to the Internet through free WiFi, and how easy it can be for bad guys to steal credentials and other sensitive information. If we widen our focus beyond the browser itself, we see that we give over this data, and much more, to third parties every day. It’s not necessarily a bad thing, but definitely something to be aware of.

Take a moment to think about the various tools you use to go through your day. If you’re in sales or any relationship management field, you may use a plug-in like Yesware or Streak to help keep a tab on relationships and manage a pipeline. You may use a mail client like Mailbox to help stay on top of the hundreds of emails you get each day. Perhaps you use any number of other apps, both mobile and browser-based, that cross authorize with services like Google or Facebook.

All of these services make your work easier. But even if they are free, they come at a cost. To function, these apps, add-ons, and extensions need access to your data and credentials. The price for convenient access to your data is the trust you impart that these 3rd-party services will keep that data safe.

These services may be a part of your day-to-day routine, and we’re not suggesting that you shouldn’t use them. But it is worthwhile to think about the exchange taking place and what precautions you can take to keep yourself safe:

  • Don’t use cross authentication: It’s tempting to spare the minute or so it would take to create a unique password instead of logging on with one click through your Google account. Bear in mind that cross authentication gives the provider access to your profile and network (among other things), which you may not want. And taking the time to generate a strong password can significantly decrease your exposure in the event of an account compromise. We shared more about strong passwords and cross authentication here.
  • Have the IT department install mobile apps: Often, users install apps on their phone without really understanding what data they are giving the vendor access to or who exactly the vendor is. Over the past couple of years, there have been several instances of malicious apps infiltrating even the Apple App Store. To minimize risks, IT should approve and install mobile apps to ensure that the app is legitimate.
  • User-installed browser extensions and add-ons carry big risk: There are thousands of extensions available for whatever browser a user prefers. Every installation requires that you give the extension some level of permission and access to your data. Having IT vet and approve extensions helps minimize the risks, although this may not be feasible in a BYOD world.

Plug-ins, apps and extensions can provide vital functions. They increase efficiency, give quick access to information and connect us to key business apps with the press of a button if not automatically. But that functionality comes at a cost. Being aware of the cost and taking appropriate precautions, even at the expense of some of the convenience, can make all the difference in keeping your -- and your company’s -- data away from the bad guys.

Scott Petry - Scott is Co-Founder and CEO of Authentic8. Prior to Authentic8, Scott founded Postini and served in a variety of C-level roles until its acquisition by Google in 2007.

Topics: Security