Cyber Security - Free Apps Come At A Cost

National Cyber Security Awareness Month

Free apps

October is National Cyber Security Awareness Month which we use as an opportunity for an annual campaign to raise awareness about cybersecurity. In week three of the month-long awareness campaign, we focus on the topic of “from the break room to the board room: creating a culture of awareness in the workplace.”

As a society, we are either too trusting of the Internet or just too busy to read the fine print. We have all heard the saying there is no such thing as a “free” lunch. This applies to “free” apps available for download on the Internet.

Here are snippets of the privacy policy from one such “free” app:
“You provide with access to your email account. From the contacts within your email client and "signatures" within email messages, we collect the following Information, if available, for each person: Name, Email address, Job title and department, Business phone numbers (general, direct and fax), Company name, Postal address of company, Business related postal address of person, Corporate website URLs, Social Networking URLs, Manager's Name and Assistant's Name. From the headers of your emails, we collect: The date the email message was sent or received and Email addresses, names and job titles of recipients and senders.” Basically when you download this “free” app you are giving away information about everyone in your address book. Would you download this app after reading carefully the privacy policy? There are many other examples of private information that you may be divulging when you download these types of “free” apps and hopefully in the future, we will all read the fine print before downloading any “free” app.

You may be asking yourself, “so why would I care about disclosing this private data?” Have you ever gone to and looked yourself up? They have your age, your home address, prior addresses and people you know. Additional personal details can be purchased as part of a premium service. Ever wondered how they get this information and keep it current? This is only one example of many as to how your personal information is being monetized by a third party while your privacy is compromised in the process.

NETSCOUT’s annual mandatory security awareness training is crafted to educate employees on these and other security related topics. While some employees may consider it a hassle, it is very important to complete this training. It incorporated the latest trends and most relevant security topics including new security risks that we all need to learn about. It is applicable even to the security professionals who sometimes think that they know it all. The Security Awareness training empowers us all to become more disciplined at not clicking on emails from people we do not know, or attachments from people we know but were not expecting.

I would like people who read this post to comment and share other privacy or security-related concerns associated with “free” apps. Think of your input as a public service to people that are either too trusting or unaware of the risks associated with misuse of private information by third party individuals and organizations.

Guardians of the Connected World