
Clubhouse - What does the hype app mean for information security

Anyone who visits the relevant IT portals these days can hardly avoid one app: Clubhouse is currently the brightest star in the social network sky. We paid a visit to Clubhouse and are now trying to assess what the new network means for information security.





Information security & Clubhouse - a good combination?

Information security is necessary wherever data is processed. It serves to protect against dangers and threats and to prevent damage. Damage can be monetary, but a lack of information security can also result in the loss of a "good reputation".

Information security is also a tool for minimizing risks. Today information can encompass anything. It is a great opportunity, but at the same time a great difficulty, that information can now be combined in a wide variety of ways in order to gain new knowledge. And that's exactly where Clubhouse opens new doors for attackers.

Clubhouse is a place for stories

Clubhouse is an audio-only app. It is podcast 2.0, so to speak, because there are not only speakers and listeners: listeners can also become speakers and vice versa. Clubhouse is currently still an invitation-only network: every user must be invited, and every user has only two invitations to give. Without an invitation, no Clubhouse.

Various articles criticize data protection at Clubhouse. The discussion there revolves around the uploading of contacts to the Clubhouse servers, and less around information security. Many companies will certainly pay attention to this - even if the terms and conditions of the exclusive app currently only provide for personal use.

Because stories are told and exchanged at Clubhouse. Live and uncut. The spoken word counts. There are no moderators or editors proofreading and checking the content again. Above all, there is no press department that checks whether certain information is allowed to be shared with (unknown) third parties.

The next information security incident is just a drop-in away

In the last few days we have been in different sessions and one thing stands out: The communication is very intimate. This is the goal of the platform and was achieved through the skillful approach of the developers.

This intimacy often seems to elicit secrets from users. In the 10 sessions that we analyzed, the following sentences were heard, among others:

  • "We are currently building the following for customer X: [innovative product]"
  • "I don't even know if I can tell you ..."
  • "This is very fresh, I am actually not allowed to talk about it ..."

or similar sentences. The often confidential information shared in this way can be heard by all listeners. Because of the real-name requirement, which users largely comply with, it is often not difficult to identify the employer, who would not have wanted this confidential information shared.

Such information leaks are not new, but with Clubhouse they scale further and can have more serious effects on information security. The hurdle of the telephone number should also be easy for attackers to circumvent.

Dealing with Clubhouse Correctly - What Can We Do?

Digital platforms do not offer any mandatory identification options, especially for end users. Clubhouse does not change that either, despite the entry barriers and the obligation to provide a telephone number.

Every participant can record the conversations and evaluate them as desired. Confidential information is lost faster than some corporate security departments would like. Subsequent publication in forums could be one problem. But even recreating a voice with the help of recordings is no longer a science fiction scenario.

Confidential information that is shared there cannot be "captured" again. Employees must be trained not to talk about sensitive topics or information, especially on Internet platforms that have to store data at least temporarily.

 

