Security outfit Armour Communications has warned organisations to stop using consumer-grade, free apps when handling sensitive or commercial information.
Armour director David Holman said that for those with jobs where security is paramount, for example, journalists, humanitarians, activists or special services working in unfriendly regimes, a phone that has been hacked via an app could put lives at risk. For others, the risk of an individual’s private information or financial data being accessed will damage an organisation’s brand integrity and share price.
Holman said that the recent WhatsApp hack was an example of what happens when a consumer-grade app ends up being compromised.
“This latest case of a serious vulnerability in a consumer-grade app highlights the dangers of using free apps, and that they are not robust enough for business. While such apps claim that they are secure because they are encrypted, there is so much more to security than just encryption. Encryption is rarely the weakest link, and therefore, unlikely to be targeted by hackers.”
He said that this particular exploit might have been to target people with specific jobs, but there were everyday hacks that can be executed relatively quickly by low-level criminals against these types of product that put users’ data at risk.
He warned that GDPR breaches were a risk to every type of business and came with significant fines.
In 2018, German automotive supplier Continental AG banned its workers from using the messenger services WhatsApp and Snapchat on company phones, due to concerns about GDPR compliance and general security.
Holman said: “These free apps proliferate by stealth through organisations, unless firms take decisive action, like in the case of Continental AG last year. There are enterprise-grade apps available that provide the same convenient user experience of consumer-grade apps while keeping the user in control of their data and metadata.”