There are several web services that employees of small and medium businesses most frequently access while working, including YouTube, Facebook, Google services and WhatsApp, with some of these applications being the most exploited by cybercriminals as a springboard for phishing.
However, this list differs from the services that employers tend to limit for use on corporate devices, according to Kaspersky. While organisations can have different priorities and permissions for what web services can be used by their employees, it is still important to make sure they stay protected from any cyber-risks.
It is important for organisations to understand relevant threats and how they can infiltrate corporate endpoints – for example, through phishing in cloud services. Once a web service becomes popular, it may turn into a more attractive target amongst scammers.
For example, the TikTok app has gained enormous popularity over the past few years. It appeared to be flooded with fake accounts and scammers who are gradually improving their skills as the service rises in popularity. Protection from such scams and phishing attempts is crucial to ensure both personal user accounts and corporate data and devices remain safe.
According to anonymised statistics of events captured in a Kaspersky product, voluntarily provided by its customers¹, the top five web services employees access more often from their corporate devices include a video sharing platform, a social network, a mail service and a messenger: YouTube, Facebook, Google Drive, Gmail and WhatsApp – all leading services in their respective segments.
Unfortunately, these same web services are also exploited for phishing and other malicious actions. Kaspersky analysis² revealed the top five applications where phishing attempts were found most often: Facebook (4,5-million phishing attempts), WhatsApp (3,7-million), Amazon (3,3-million), Apple (3,1-million) and Netflix (2,7-million). Google’s offerings bundled together, including YouTube, Gmail and Google Drive, took sixth position with 1.5m phishing attempts. With the two lists sharing many of the services, these results only confirm the trend that popular applications have become valuable platforms for fraudsters’ malicious actions.
The product statistics also showed what web applications are most likely to be limited on organisations’ corporate devices. The top five most blocked applications only include social networks: Facebook, Twitter, Pinterest, Instagram and LinkedIn.
These decisions can be made for a variety of reasons, such as complying with data regulations, or in line with specific organisation requirements for social media use. And while it includes Facebook, which is actively exploited by scammers, it doesn’t include messengers, file sharing or mail services – probably because they are often used for working purposes as well as for personal needs.
“We can’t imagine our daily lives, and work, without different web services, including social media, messenger apps and file sharing platforms,” says Tatyana Sidorina, security expert at Kaspersky. “They allow us to communicate and share thoughts, ideas, images and inspiration – and this has become even more of a reality when the entire world has spent many months online this year.
“However, it is important for any organisation to understand where threats may come from and what technology and awareness measures are needed to prevent them. Businesses also need to provide their employees with comfortable use of services they require, so it is crucial to get the balance right. We at Kaspersky appreciate this and provide organisations with relevant protection tools and expertise.”