6 Apps Your IT Guy Hates
The amazing thing about mobile apps, cloud storage, and living on the Web is that information is always at your fingertips. Unfortunately, often that means your data is not far from hackers' fingertips as well.
Here's a round-up of the high-risk apps that could be easy prey.
1. Dropbox
Everyone keeps picking on Dropbox, but to be fair, a number of cloud storage sites have similar vulnerabilities. According to Symantec, 75 percent of small companies have stored sensitive business documents (say, financials) on cloud storage sites. It's just too tempting. And, once you log in on multiple devices, you open the door to hacking. A consumer-oriented site does not tie into your IT infrastructure. And that's a problem, especially in an age of lawsuits and privacy violations. My recommendation: Use something like OwnCloud.com to get more serious about secure storage. This service has the benefits of the cloud for easy access, but runs on your own server.
2. Skype
Skype seems so harmless--it is a powerful videoconferencing tool. Yet, if you store all of your business contacts in Skype and someone manages to break into your account, you're toast. David Moeller, the CEO of CodeGuard, says it is incredibly easy to hack into Skype. Someone just needs three to five of your contacts to input during the password reset process, any one of your email addresses used at one time, and your first and last name. Social engineering tricks--such as posing as a potential customer to get that info--mean hackers can compromise your business more easily than you think. The solution: Use a more secure phone gateway like eVoice that is meant for business, or use Skype for Business.
Did you avoid hiring an accountant? That's a good way to save money--unless your online tax program is hacked. Security expert Steven Aeillo says many tax programs do not use a challenge-response system. (For example, to log in to Bank of America, you always have to answer a secret question, identify an image, and enter your password.) In addition, he says these programs can generate a PDF of your financials, which can be easily stolen.
4. Mint
This user-friendly consumer finance app is great for managing your home budget and runs as an app on your smartphone. That flexibility and ease of use are compelling for a start-up. Maybe too compelling: Many small businesses use it, according to Aeillo. The problem is that, despite frequent user requests, he says, Mint still does not use two-factor authentication (say, asking for both a secret question and a password) to gain access. The popularity also makes Mint a prime hacking target. I recommend a tool like Freshbooks.com because it uses strong 256-bit SSL security.
5. Apple Siri
Wait, this can't be right! Siri is the powerful speech-activated personal assistant on the iPhone. As security expert Paul Hill at SystemExperts explained to me, many companies don't realize how Siri works or the consumer-oriented nature of the service. It's not exactly enterprise-grade. When you ask for directions to a meeting with a new investor, Apple stores the digital audio file on its secure servers. But it's not clear how secure the clips remain. Hill says Apple retains the files for up to two years. In other words, you don't have control over your own voice--you can't remove the clips or add extra security protections. Should that data fall into the wrong hands, you have no control over it.
6. Mailbox App
I'm a big fan of this iPhone (and now iPad) email app. But pay attention to the login process: it doesn't use two-factor authentication. And, unlike secure email systems such as Exchange Online, which logs you out after a set period and requires a regular password reset, Mailbox is more consumer oriented. The big problem: Email is the portal into every other service. A hacker just needs access to your email to request a password reset. Don't mess around with email security. I recommend a quick upgrade to Google Apps for Business.