These days, there’s so much existing software that helps us do our jobs and live our lives that it’s overwhelming. Every day we learn about something new that can improve our workflow, time management and more. But how do we know what’s useful and what’s just trouble in disguise? How do we make sure shiny new third-party apps won’t cause more problems than benefits?
Third-party apps vs. native apps
One of the main security risks with this new software is third-party applications. A third-party application is an app that is not created by the manufacturer of a device. This is different from a native app, which is developed by the manufacturer. So, if Apple develops an app for the iPhone, it is a native app. If someone else develops an app that runs on iPhone, it is a third-party app. Same for Facebook—apps that are not developed by Meta (formerly known as Facebook) are considered third-party and will often ask your permission to access your Facebook data.
There are three types of third-party apps:
- Applications created for official online app stores (like Microsoft AppSource or Google Play): These applications follow strict criteria for development and publishing and are often vetted for issues like malware.
- Applications offered through unofficial websites: These apps are usually offered via websites not affiliated with the manufacturer of the device. They are not vetted by manufacturers.
- Applications which connect with another service: This type of application is not downloaded. Instead, it piggybacks off another installed app and asks for permission to access the information you’ve given to the other app. A good example of this is Facebook games.
The risk of third-party apps
There are varying levels of threats associated with each type of third-party app. The official app stores pose the least amount of danger due to their development criteria and vetting process, but no store can guarantee that all applications sold there are safe. It only takes one bad apple to compromise your data.
Unofficial third-party app stores may sell good apps, but they are more likely to have applications infected with malware. They can also sell what appears to be common, safe apps at lower prices than the official store. However, these apps can have ransomware or adware injected into their code that you cannot see.
The risk of the third type of app that connects with another service isn’t malware. But when used, you’ve permitted it to view sensitive data from that point forward. So long after you’ve played that quick game, the company is still mining your profile for potentially sensitive data.
The risk for your business
As you can see, the biggest problem with third-party apps is ambiguity. You don’t honestly know if an app is malicious or helpful at first glance. It takes much research and time to determine if an app is coded with malware, even if you’re an IT professional. For someone without IT experience, it takes even more research and time.
What happens if malicious third-party apps slip through?
What if someone doesn’t do their due diligence, and a malicious third-party app downloads onto your network? What kind of malware could make its way into your system, and what trouble could it cause? Here are a few examples.
- Trojan horse: A program designed to breach the security of a computer system while ostensibly performing some innocuous function.
- Keylogger: A computer program that records every keystroke made by a computer user, especially in order to gain fraudulent access to passwords and other confidential information.
- Adware: Software that automatically displays or downloads unwanted advertising material when a user is online.
Not worth the risk
As the keeper of your businesses’ data, you can’t afford to rely on your employees taking steps to ensure that any third-party app they download is safe. Just one mistake could cost you your data, reputation, clients and more. So the safest thing to do is to ban third-party apps altogether. But how can you do that?
Office Protect helps you control third-party apps
Office Protect is here to help. With the setting “Do Not Allow Third-Party Integrated Applications,” you can make sure no employees are integrating third-party apps into Microsoft 365. For example, when this setting is in effect, an end user without administrator privileges would not be able to integrate Salesforce Lightning to their Outlook.
A note about third-party integrations for Microsoft 365
There may be some confusion about what me mean when we say “third-party integration”; we’re talking about any software developed by non-Microsoft sources, and which requires permissions/access to any information that’s in your Microsoft 365 tenant.
For example, say a user likes Salesforce and wants to integrate Salesforce Lightning with their Outlook (so that they can look at their contacts, leads, and accounts associated with their emails without leaving Outlook), this is an example of a third-party integration since the app is made by Salesforce.
How to turn on the setting
To enact this feature, just access the settings from your Office Protect “Set” page. Go to the setting, and then flip the toggle switch to “on.” You will see the security impact (high) and the user impact (medium).
What else can you do with Office Protect?
Implementing cybersecurity may seem daunting, but there’s good news: the simplest solution also happens to be the most efficient. Office Protect provides baseline security for your Microsoft 365 tenants with a foolproof set-it-and-forget-it approach. Think of it as an invisible cheat code that’ll take care of all the monitoring 24/7 and only alert you if something suspicious comes up. This way, you can sleep soundly knowing cybersecurity’s been checked off your to-do list and focus on more pressing priorities for your business. Become a Sherweb partner to get started, with the option to take Office Protect for a test drive first!