How to Protect Your Web Applications from Hackers

Every modern company depends upon a variety of web applications to help it conduct business more efficiently. However, because they are web-based business tools, they are vulnerable to cybercrime. After all, hackers go where the data (and money) is.

Application adoption, and thus vulnerability, varies by industry and intended use. For example, businesses hoping to streamline their financial tasks (accounting, etc.) may have looked to apps such as Gusto, QuickBooks, FreshBooks, Wave, and more. For mobile payments, PayPal or Square have been popular for many small businesses. When it comes to internal communications, a business may have considered Slack, Signal, Skype, and HipChat, among others. Then there are organization and time-management apps such as Evernote, Trello, KanbanFlow and so forth. The point here is that at any given point in time most businesses are concurrently using numerous applications and are therefore exposed to numerous vulnerabilities. Moving forward, a big part of your cybersecurity protocol will be to identify and secure vulnerable applications. We’re here to provide some insight.
 

4 Things You Need to Do to Reduce the Risk of a Business Application Breach

Use a Robust Virtual Private Network (VPN)

VPN technology was developed to allow both offices (etc.) and remote users to securely access corporate applications along with other web resources. When data travels through secure channels that require users to provide multi-factor authentication (password, token, and another form of unique identification), a robust VPN that restricts IPs can keep malicious outsiders from accessing a given application.

 

Choose Better Business Applications

Coding issues in applications lead to vulnerabilities. These may not be outright errors, mind you, but because of a lack of budget, experience, and/or training in advanced threat prevention, developers may have delivered an inferior and thus vulnerable product to your business. The Open Web Application Security Project (OWASP) Foundation recently released its annual list of common vulnerabilities of web applications, which include the following:

    • Cross site scripting
    • Injection flaws
    • Malicious file execution
    • Insecure direct object reference
    • Cross site request forgery
    • Information leakage and improper error handling
    • Broken authentication and session management
    • Insecure cryptographic storage
    • Insecure communications
    • Failure to restrict URL access

To account for the above, any application your business adopts should be one born from a software development process that is founded on secure design, threat modeling, secure coding, security testing, and best practices surrounding privacy. This foundation drives the requirements, design, implementation, and verification phases right up until the point of release, and must be completed by an incident response plan for security or privacy vulnerabilities that emerge after release. What we’ve just described is the Security Development Lifecycle (SDL) of Microsoft 365, which offers enterprise security and advanced threat protection by leveraging artificial intelligence (AI) to offer real-time protection for its applications, including the suite of Office applications such as Word, Excel, PowerPoint, OneNote, Outlook, Publisher and Access.

Of course, there are other secure options out there. Cloud-based storage offered by G Suite (comprised of Gmail, Google Docs, Google Sheets, Google Slides and more) delivers access to a wide variety of tools that give your staff the opportunity to collaborate in real time in a secure environment.

In summary, make sure your IT team does its homework when choosing software applications. To get you started, have a look at some of the top IT solutions (and applications) for businesses found here

Update Applications in Real Time

That prompt you receive to update an application is not just there to improve the UX. In fact, most software updates that come your way exist to patch a vulnerability. Every day that you let pass without initiating the update is one where you’re exposed to a breach. No application is irrelevant or too small.

For instance, some small businesses continue to use WhatsApp for internal communications. Last August, a researcher from Google's Project Zero security team discovered a WhatsApp vulnerability that allowed hackers to take over the application when Android and iOS client users answered an incoming video call. Well over a month went by before updates were issued, with the latest (iOS) arriving on October 3. To make matters worse, this week (Oct. 9) it is now being reported that WhatsApp has yet another new vulnerability that allows hackers to lock users out of their accounts and steal their messages. All of this is coming on the heels of last week’s revelation that about 500,000 Google+ application users (who may be connected as Page Managers to your brand’s Google My Business account) have had their data exposed since 2015.

Even with GDPR and PIPEDA compliance looming overhead, you simply can’t assume that application providers will inform users of a breach in a timely manner; they may simply release an update to provide a vulnerability patch. The implications are clear. Windows, Apple, Google, third-party applications, IoT applications (for Smart Office devices, etc.) and any others that you use in the course of doing business need to be updated automatically, with the others monitored in real time for updates and action taken immediately upon receipt.

Seek IT Support to Secure Applications and Backup Data

In the end, the best way to identify and secure vulnerabilities in your business applications is to bring in a Managed Services Provider (MSP) with expertise in the IT solutions your company currently depends upon. An MSP can also make recommendations for apps that may increase your efficiencies while ushering in a new era of data privacy compliance and security. The firm should be proficient in advanced endpoint threat protection that is backed by machine learning and artificial intelligence (AI), and it should be able to provide staff with training on secure application management, addressing items such as password management, multi-factor authentication, and more. To receive a security assessment of your current suite of business applications, contact Fully Managed today.