With the rise of remote work and BYOD (bring your own device) policies, it’s becoming increasingly important to consider the security of any app or software employees are using. Often employees may not be fully aware of the apps they are frequently using are following safe and secure data handling policies.
One recent example of these sorts of popular apps is Lensa AI. It has gained a lot of attention for the ‘magic avatar’ feature it offers, but does it come with any potential security or privacy concerns for organizations?
Lensa AI is an app that creates artistic renditions of users who submit pictures of themselves to the app. It has recently become very popular in app stores and has become one of the top-grossing apps in the US. The software behind these “magic avatars” is powered by a text-to-image generator that has been trained on very large datasets of publicly acquired images and data.
While the avatars are of high quality, it’s always important to consider the security implications when any employee is using them.
To generate custom avatars, users are asked to submit a batch of images of themselves, and, once the images have been submitted, Lensa AI then generates a collection of unique avatars created by its AI algorithm. It’s this specific fact that has come under scrutiny from some privacy advocates who fear it could potentially be used to misuse user data without their consent.
This may have huge cybersecurity implications if, for example, this data were to fall into the hands of malicious actors. With facial recognition being used more frequently, having a database of faces can be devastating if managed improperly.
Some areas of concern for any apps that employees might be using frequently include:
Employees should always make sure to read the privacy policies of any app they are using and opt out of any data collection they are uncomfortable with.
Where data is stored can also be a major security concern, particularly if a company stores data outside of its business location. For example, if a company stores data in a 3rd party datacenter it may run the risk of data falling into the wrong hands if its security is breached due to not having full control over cybersecurity at the location.
Concerns specific to the storage location of the collected data may be:
All of these pose very valid concerns for employers. Employees should be aware of these potential issues before using any app or software on their devices that may compromise their employer’s cybersecurity efforts.
What does the developer do with the data they collect? What third-party services might the data be shared with? If data is being shared with third-party services it can pose numerous security risks and could potentially lead to the data being exposed or sold to malicious actors.
On a positive note, some companies have processes in place to ensure that data is only shared with authorized personnel. However, employees need to be aware of the extent of the data usage to prevent any unfortunate cybersecurity security incidents.
Organizations must remain aware of apps that may compromise security. Having a “quarantine list” of apps and educating your employees about the potential risks of using apps like Lensa AI will greatly increase the probability of success in your cybersecurity efforts.
Employees should be informed to always take the necessary precautions before sharing personal information and should always opt out of any data collection that they are uncomfortable with.
Digital Crisis is here to help your organization evaluate the security of any remote software or application your organization may be considering.
Digital Crisis provides customized managed IT support with the tools you need to make informed decisions about the security of your organization. We assist businesses in operating smarter, not harder.
Contact us today!