Your Enterprise information leaks into Facebook and other Social Networks

Being an unstoppable wave that needs to be accommodated and supported in enterprises, the combination of BYOA (bring your own apps), cloud services and social networks involves a lot of data security risks for your enterprise!

While risks are rising, flexibility, efficiency and productivity gain from such technologies and make it worthwhile to embrace the advantages. In order to be able to benefit from the positive impacts of BYOA, companies need to solve various security issues first. With employees connected to corporate data and working on the go, naturally that puts additional strain on the network and raises concerns.

Did you know that Microsoft’s Social Connector to Outlook permits integration with Facebook and others? (Gartner, 2013) 1

The Outlook Social Connector is a plugin that syncs social networking feeds with your Outlook contacts, giving you immediate data on what they are doing and thinking.

“During the Outlook Web App and Facebook Connection setup, the contacts in the user’s default folder are uploaded to Facebook as part of a one-time synchronization with Facebook.” (Microsoft, 2014)

So what does that mean for you?
Basically that means that any Facebook connected app (e.g. Candy Crush Saga) can access your corporate address book!

contact_access1

Using file sync and share applications can also put sensitive personal information, and potentially sensitive corporate information, at risk.

The Gartner Report which was published in 2013 even states, that ”by 2017, 40% of enterprise contact information will have leaked into Facebook via employees’ increased use of mobile device collaboration applications.”1

Take Dropbox for example: Dropbox is used to share files online, including business files. There are many add-ons and Dropbox Apps which are very useful for your company and other apps that make daily life more convenient for users.

By installing DropTunes for example, users can stream music files through their website which is not possible on Dropbox itself. Once the app is linked to your account, you can view all the music files on your Dropbox with Droptunes ‘ online music player on your mobile device.
Sounds good right? But there is a catch!

 

droptunes_access

 

Add-ons like DropTunes will need access to your files at Dropbox to provide you with the best experience.

By using your Dropbox App for storing company data and listening to music, corporate data can leak and can painfully harm your business.

 

 

droptunes_access-01

 

There are many other useful Dropbox add-ons that can be used for various uses from bringing all your cloud services together to apps that allow you to automatically print documents with your Dropbox.

However, DropBox and Facebook are not the only online services used by employees. The same applies to Box, Google, Microsoft Live, LinkedIn, Twitter, Instagram and additional services.

What are you going to do with apps that can access your company’s address book, calendars or files?
There are a lot of weak points when dealing with employee owned devices and the adoption of cloud services and social networks. Protecting the devices themselves does not guarantee prevention of data leakage. It is very important for companies to actively protect their online assets and know which risks are associated with which apps and what information certain apps acquire on the cloud and on devices. Enterprises should be able to discover, analyze and control these apps, understanding the associated risks and enforcing policies.

1. Top Technology Predictions for 2013 and Beyond, Gartner

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s