ISO 27001 Controls: Software Management

Your work computer probably has a bunch of restrictions in place. These restrictions probably prevent you from installing software. They may also block access to certain websites.

These restrictions can often be very frustrating. I remember encountering them on school computers. I would attempt to circumvent them in various ways.

Eventually, I just stopped using school computers. Quite often, the restrictions in place on them were really unreasonable, so I would just bring my own laptop to school, and use that instead.

As frustrating as these restrictions might seem, they are often necessary for compliance with ISO 27001 Annex A controls 12.5.1 and 12.6.2.

Access to Data

Nearly all of the apps you use have some amount of access to your data – and once an app has access, it can do many things with this data.

If you use a traditional desktop operating system – think Windows, macOS, or Linux – then, in all likelihood, locally installed apps have access to all the files on your hard drive.

If we’re talking about apps that run on modern smartphones, or in your web browser, then, in general, each of those apps will only have access to the data you give it.

In any case, when you use an app, you need to ensure that its access to data isn’t problematic. If the data in question doesn’t belong to you, it is up to whoever owns the data to decide whether they consent to it being shared with a specific app.

Use of Data

So, why does it matter if an app has access to some amount of data? Take a currency converter, for example: you paste the company’s annual revenue in pounds, and the app gives you that value in dollars. What’s the big deal?

Well, you may think that the currency converter isn’t doing much with the data you’ve given it. In order to function, it only needs to multiply the number you’ve given it by an exchange rate – but is that all it’s doing?

When an app gains access to your data, there are ways it can make money from that data that have nothing to do with the app’s core functionality.

One common way free apps make use of your data is through targeted advertising. You probably encounter this every day, and you might not even realise it.

When you watch a YouTube video, while signed into your Google account, the ads shown at the start are probably targeted to you. This may be based on your age, your gender, or where you live – or one of countless other factors.

Some people are alright with this, but some people consider this to be a violation of their privacy. If you’re part of the latter group, you should familiarise yourself with the privacy policies of the online services you use.

Some less trustworthy apps may use your data in more malicious ways. They might sell your personal information to identity thieves. They might use your internet connection as a proxy for conducting illegal activities over the internet.

If you’re not careful with the apps you use, and you don’t think about the data each app has access to, an app built with malicious intentions can do a lot of damage.

Conclusion

When your employer imposes all these restrictions on which apps you can use, they’re simply trying to prevent bad things happening with the data they control.

We’d love it if you signed up for a free account on Inverifi – but if you’re signing up on a work computer, please, make sure you’re doing so in compliance with your organisation’s policies.
