COVID-19’s impact on Cyber security: is your team safe?

When you download an app and it asks to access your contacts, location, and other information, it seems harmless enough, right? Surely the app will only use your data for its stated purpose, and only when needed? We all know that is not the whole truth. However, with COVID-19 forcing your workforce to embrace new practices of remote working you need to ensure your team’s business data is safe and your cyber security is too. Cybercriminals around the world are capitalising on this crisis, and your employees may not be aware. WHO reports fivefold increase in cyber attacks, urges vigilance, according to the article some 450 active WHO email addresses and passwords were leaked online along with thousands belonging to others working on the novel COVID-19 response.

According to a ScienceDaily article, “7 in 10 smartphone apps share your data with third-party services.” As the article warns:  “More than 70 percent of smartphone apps are reporting personal data to third-party tracking companies like Google Analytics, the Facebook Graph API or Crashlytics. When people install a new Android or iOS app, it asks the user’s permission before accessing personal information. Generally speaking, this is positive. And some of the information these apps are collecting are necessary for them to work properly: A map app wouldn’t be nearly as useful if it couldn’t use GPS data to get a location. But once an app has permission to collect that information, it can share your data with anyone the app’s developer wants to – letting third-party companies track where you are, how fast you’re moving and what you’re doing.”

The article also finds that the problem is not just limited to cell phones and tablets:

“Tracking users on their mobile devices is just part of a larger problem. More than half of the app-trackers we identified also track users through websites. Thanks to this technique, called “cross-device” tracking, these services can build a much more complete profile of your online persona.”

Another article, “Your Apps May Be Selling You Out” by Mondaq, sounds the alarm as well. The authors write that many of us likely aren’t aware of the degree to which our information is shared with advertisers and other third parties when we sign up for various apps. The principle is simple enough:

“If you have ever downloaded a ‘free’ app, you may have pondered how the app’s creator can maintain a financially viable company by giving away its product. The answer soon becomes evident when an advertisement pops up, interrupting your interaction with the app. The less obvious answer may come to you when you uncomfortably wonder how the ad that just popped up somehow relates to the items you browsed on Amazon a few days ago. Coincidence? Probably not. This happens because, in addition to selling advertisements, app creators may also access and sell information collected from your phone to allow advertisers to customize the ads they send to your device.”

How can people reasonably expect to solve this dilemma, and protect their privacy? How can organisations help their teams protect themselves? Short of changing laws, the answer is to be more vigilant in monitoring downloaded apps and our security settings. Follow this advice:

• Don’t give apps permission to access your personable information. Most app stores require apps to gain permission before using your location, camera or using other information. If you deny the apps these permissions, your personal information should be safe from their grasps.
• Check the permissions you have granted your existing apps. You may be letting them access personal information without even realizing it (even for apps you don’t use!).
• Don’t sign up for apps on websites, especially ones you don’t know or trust. You have more protection when they are downloaded through a popular app store.
• Delete apps that you don’t remember downloading or no longer need/use.
• Consider adding security and privacy apps that scan your phone to help you find security risks. In other words, apps that police your other apps!

Unfortunately for those of us who frequently use mobile devices and are now working-from-home because of COVID-19 the odds are stacked against us when it comes to controlling and protecting our personal information. The best we can do is be aware of the risk and try to minimize it as best as possible. And to support new laws and regulations that aim to protect consumers and their privacy in all aspects of our “online lives.”

It is important to remember that the same principles that apply to protecting yourself on mobile devices and elsewhere also apply to protecting your business. Just as you must vet your apps, websites and other content to make sure they come from trusted sources, it is also critical to thoroughly check third party partners and perform background checks on potential and existing employees to ensure that your organization doesn’t face unseen risks from fraud and corruption.

CRI Group offers an entire suite of expert services focused on protecting your organization through proper pre-employment screening and background checks. These protections include:

• Employee Integrity Due Diligence
• Personnel Vetting & Pre-Employment Background Screening
• Vendor & 3rd Party Screening

Staying one step ahead of any critical risk to your organisation is part of being an effective business leader. Contact us today to get started on implementing a robust program that will serve you well for years to come. Get your FREE QUOTE now!