You're familiar with malware, and you know how to spot a phishing email. But have you heard of bloatware? Although it's not as well known, bloatware can also saddle your business with serious cybersecurity risks. Here's what bloatware is, why it's dangerous, and how you can prevent it from compromising your company's sensitive data.
What is bloatware?
Malicious software can be designed to carry out nearly any sort of task. Ransomware holds data for ransom until a fee is paid, spyware stealthily peers at your online activities, and old-school computer viruses were notorious for simply laying waste to computers and the data on them. Bloatware, by contrast, merely seems annoying at first. It appears in the form of unwanted and potentially harmful software that a manufacturer or even your cellular carrier has loaded onto your device before selling it to you.
There are several different kinds of bloatware. Trialware, for example, might offer you a free trial of the software for a limited period of time before badgering you to purchase a license. Adware is another common form of bloatware, interrupting you with pop-up ads while you're trying to get some work done. Manufacturers may also pre-install system utilities and applications that you don't particularly want to use.
As the name suggests, bloatware can slow down your device and make it sluggish. Unfortunately, even if you're not using any of the bloatware at all, it still consumes a certain amount of system resources. As a result, you may find yourself with a shiny new device that doesn't actually perform very well. Although you didn't ask for the bloatware, you got it – and now you have to figure out what to do about it.
Why is it dangerous?
Say, for argument's sake, that you don't really mind if there's extra software lying around on your device. Is it really that big of a concern? Unfortunately, yes. Unless the company that installed the bloatware on your device can verify that it is free of vulnerabilities and will stay that way well into the future, it could put your business at risk of a man-in-the-middle attack or digital surveillance at some point. And in that scenario, any data that device can access could be made visible or even accessible to a bad actor. This includes customer data, intellectual property, or other sensitive information that could seriously harm the company if it were revealed to the public in a data breach.
Supply chain attacks, in which bad actors find their way into corporate networks using vulnerabilities found in third-party software, are one of the most serious threats facing businesses right now. According to the Verizon Data Breach Investigations Report for 2022, supply chain attacks were responsible for 62% of system intrusion incidents that year. So as much as businesses don't want to deal with yet another cyber concern, bloatware should be on the list alongside the other threats that IT and security teams spend so much time warning their colleagues about.
How can businesses prevent it?
As with other cyber threats, you must first know how to identify bloatware in order to address it. There are a few telltale signs to look out for when determining whether a piece of software is, in fact, bloatware. First of all, if you don't know what it is or how it got on your device, then you'll want to take a careful look at it. If the application implores you to make a purchase, that's a definite red flag. Pop-ups are another telltale sign of bloatware. It may also be difficult or impossible to use, and removing it from your device may be a lot harder than it should be.
How can you delete bloatware? Oftentimes, your IT team can use mobile device management (MDM) software to find it and remove it. If you're an individual user who has administrative privileges on your device, you might be able to remove it yourself, but some bloatware will try to trick you into visiting fake websites and using fraudulent removal tools that could also harm your device and compromise the business. So just to be safe, it's best to ask your IT colleagues for help in getting rid of any software you suspect might actually be bloatware.
At a high level, your business should consider combating bloatware by including anti-bloatware policies in its cybersecurity strategy. This way, IT will have guidance on how to deal with the bloatware it might find on devices that have just been purchased – ideally, before those devices are given to users. If your company has a Bring Your Own Device (BYOD) policy, IT will also need a game plan for how to handle bloatware on employees' personal devices. Likewise, it's a good idea to include bloatware in your regular security awareness trainings. That way, along with the usual tips on how to spot phishing emails and avoid making password mistakes, everyone at your company will learn how to deal with bloatware, too.
Get rid of bloatware and keep your data safe
Bloatware seems harmless at first, but it's not so innocent. At best, it can make your device run slowly or sluggishly. At worst, it can contain vulnerabilities or outright malicious features that compromise your business and its sensitive data. By looking for bloatware on your company devices and educating users on how to identify it, you will not only be able to rid your business of an annoying productivity drain, but you will also be able to better protect your business from serious cyber threats.