Jere Simpson, Founder and CEO, KITEWIRE Inc.
Everyone knows ads are annoying, but those little boxes and banners scattered around your browser window also hold the potential to seriously damage your business. Left unchecked, malicious entities can use ads to gather your data and use it against your enterprise and your employees.
Research Compliance, Get Owned
Researching “industry compliance penalties” increases the chances your organization will be targeted for penalties—unless you make the right choices about information security tools. Ill-intentioned advertisers can place their content alongside informative blogs about the compliance topic of the day. They then analyze traffic to determine the source of site visitors and determine that there may be compliance concerns at your business. By targeting companies that have a lot to lose from compliance penalties, criminals can threaten your organization with an anonymous compliance report unless a ransom is paid in bitcoin.
Let’s say you aren’t searching; rather, you are messaging colleagues about regulatory issues. SMS sniffing malware will detect it and report to those who wish to leverage this information against you.
Links sent via WhatsApp can also be revealed. Don’t forget that WhatsApp is owned by Facebook and Facebook makes its money by collecting your interests for advertisers. If your employees’ interests appear to be “GDPR compliance penalties,” malicious entities can purchase that information and, once again, pressure your organization.
Malicious ads can access your data via small chunks of code hidden within the ad, which connect to your server and find gaps in your security using exploit kits. There have also been recent cases of malware posing as advertising: ads impersonating legitimate companies have successfully hoodwinked users and gained access to sensitive data. Large companies including Comcast, Google, and Yahoo have all fallen victim to malvertising schemes, and the trend is growing.
Privacy intrusions can also get personal in ways that can damage your business. Unscrupulous figures can find out where your company has its next happy hour and consequently where your employees will be talking shop while intoxicated. They can find out when key players are going on vacation and potentially leaving work devices at their homes connected to easily exploitable wifi with no user there to notice unusual activity.
Holisitic Information Security
When it comes to protecting your enterprise’s data from corporate espionage, malvertising, extortion, and other threats, there’s no such thing as overpreparing. Safeguarding information and intellectual property across your network is essential. You need to block ads from collecting your data, cripple malware and SMS sniffers, hinder tracking and social-engineering attempts, and monitor the installation and permissions of third-party applications.
Network security benefits from the unified approach of engaging a mobile device management (MDM) solution and ensuring all employees and devices in your network are using an up-to-date version of the adblocking software you’ve chosen. An MDM solution also keeps your security automatic, meaning your employees can keep their focus on the business.
If you’re seeking additional protective layers, VPNs and mobile security products are good additions. The best practice is relying on a single comprehensive security solution rather than a fractured approach—make sure your security software works harmoniously to keep your data safe.
Your enterprise shouldn’t be restricted by the threat of security attacks, nor should your employees be hindered by endless security policies. They should feel confident using the web within your business network, and you should be comfortable with their use of personal devices. Keep the flow of your business safe and steady by being proactive in your approach to data security.
Come and meet KITEWIRE Inc. at stand N150 at Infosecurity Europe, June 5-7th, Olympia, London