Latest news with #OneDrive
Miami Herald
4 days ago
- Business
- Miami Herald
Popular cloud storage service might be oversharing your data
A friend recently told me that the artificial intelligence she uses occasionally asks her: "How is your baby?". That is what happens when you share personal information with an AI. The chats become weird and perhaps scary if you actually believe AI is sentient. Even if you don't believe AI is sentient, I assume you wouldn't want it to have access to your banking data. Would you? Don't miss the move: Subscribe to TheStreet's free daily newsletter Having your data in "the cloud" has become the norm. It does not matter whether you use an iPhone with iCloud or an Android with Google Drive; your device is almost inevitably connected to a cloud service. It probably makes you feel your data is safer because even if your phone is destroyed in an accident, it is still in the cloud. The convenient sharing of files must be the "killer feature" for photography lovers. Once companies figured out they could make more money by selling their software "as a service", instead of selling it as a product you pay for just once, we got into the wonderful world where we can't avoid using so-called webapps. Good examples are Slack, Trello, ClickUp, Zoom, and, of course, ChatGPT. Yes, Slack can be installed as an application, but it is actually just a browser with one tab open and a lot of makeup. These services often offer integration with cloud storage services so you can share some of that data with them. Microsoft CEO Satya Nadella said in October 2015: "More than half a billion people manage their documents and photos in OneDrive." As the company does not release usage data, that 10-year-old quote from Computerworld is the best available estimate of the number of OneDrive users. It is probably a lot smaller than the real number. Related: Palantir gets great news from the Pentagon Because Microsoft (MSFT) doesn't give any data specific to OneDrive, we have to rely on the data for Microsoft 365 products. Here are some interesting numbers from its earnings report for Q3 of fiscal year 2025: Revenue was $70.1 billion and increased 13% year over income was $25.8 billion and increased 18% 365 commercial products and cloud services revenue increased 11% 365 Consumer products and cloud services revenue increased 10% YoY. Again, we don't have the exact numbers, just the total revenue, but the revenue from 365 services is growing steadily. Considering how much money it is making and that many businesses are using it, OneDrive must be very secure, at least that is what you'd expect. When two apps have "integrations", we can say that both of the apps "integrating" represent non-human identities working together. Oasis Security is a private company specializing in the management and security for non-human identities. Non-human identities are any software process, application, service, or machine that can interact with another. On May 28th, they published an alarming research paper on Microsoft's OneDrive. Oasis researchers discovered that whenever you upload files from your OneDrive to a web app like ChatGPT or Slack, OneDrive's file picker requests read access for the entire drive. This means that even when you upload a single file, the app gets access to all your files. More Tech Stocks: Palantir gets great news from the PentagonAnalyst has blunt words on Trump's iPhone tariff plansOpenAI teams up with legendary Apple exec This is the scenario where if you have banking documents on your OneDrive and you intend to give ChatGPT access to some unimportant text file, as a bonus, it gets access to the banking files, too, and whatever else you have there. And the best part-the permissions are valid for at least an hour. The company estimated that hundreds of apps are affected, not just the ones mentioned. According to Oasis, they reached out to Microsoft, "which took note of the report and may consider improvements in the future". If you use OneDrive, you should check which apps have access to it and revoke any suspicious apps. Oasis provided instructions on how to check your personal OneDrive accounts: Log in to your Microsoft the left or top pane, click on "Privacy".Under "App Access", select the list of apps that have access to your the list of apps, and for each app, click on "Details" to view the specific scopes and permissions can "Stop Sharing" at any time. Consider that an Access Token takes about an hour to expire regardless of when you clicked stopped sharing. This would however revoke a Refresh Token if present. Overall, when protecting your data, think deeply about giving apps access in the future. Related: Analyst resets Nvidia stock price target after CEO slams U.S. chip policy The Arena Media Brands, LLC THESTREET is a registered trademark of TheStreet, Inc.
Gizmodo
4 days ago
- Business
- Gizmodo
This HP Touchscreen Laptop for 73% Off Comes With Microsoft Office Plus a Ton of Accessories
That 10-year-old laptop of yours is on its last legs. Replace it with something faster and newer that you'll get more expanded use out of. The HP 2025 touchscreen laptop is a super versatile option that can fulfill a lot of the needs of pretty much anyone, be it you're a student, small business owner, or just someone who wants to go online with something other than their phone. HP has its 15.6-inch touchscreen laptop with Windows 11 Pro installed on sale for 73% off, bringing it down from its listed price of $2,400 to just $650. Additionally, it comes with a lifetime license to Microsoft Office Professional Plus, a USB hub, 128GB USB stick, mouse, and mobile phone magnet holder. See at Amazon Immersive Touchscreen Experience The HP 2025 touchscreen laptop is equipped with an Intel 13th generation core i3 processor which delivers powerful performance perfect for both work and play at speeds of up to 4.5GHz. It comes with 32GB of RAM and a full 1TB of storage on its SSD. It's designed for professional use for anyone who needs lightning-fast data access, seamless multitasking, and frequently uses demanding software applications. The laptop has a display size of 15.6 inches, supporting HD with its resolution of 1366 x 768 pixels. The LED backlit screen is anti-glare so it remains comfortable to use in any environment for long hours of either hard work or entertainment. It's also a touchscreen which allows you to use your laptop like it's a tablet. And I'll say this… touchscreen is absolutely the optimal way to play Balatro and everyone should be playing Balatro. The laptop is sleek and lightweight, making it easy to travel with or to take to a local coffee shop to get work done there. The HP 2025 laptop is pre-installed with Windows 11 Pro, which features a redesigned Start menu, OneDrive integration, multiple personalized desktops, new keyboard shortcuts, and more. Universal Search is a new feature now found on the the taskbar across the bottom of your screen. You can literally search for anything. Whether you're looking for specific files or apps on your computer or need recipes or maps on the web, it will look through all systems to find exactly what you need. Contacts, notes from class—you name it. All with one search bar. Right now, you can save a crazy 73% on the Inspiron laptop with Windows 11 Pro from HP. That brings the price down from $2,400 to just $650—a $1,750 savings. Before getting too excited, it's never listed at that full price. However, this is still a reasonable price to pay for the HP 2025 laptop with a 1TB SSD and 32GB of RAM. You also get a lifetime license to the full Microsoft Office suite. See at Amazon
Yahoo
5 days ago
- Business
- Yahoo
The hidden price of free: How businesses' cost-cutting tech choices compromise your security
Free software is everywhere, used for email, marketing, accounting, scheduling, and even storing customer data. For small businesses under pressure, it's a tempting way to cut costs and stay afloat. But 'free' often comes with strings. Many of these tools don't offer strong security, putting your customers or clients at risk. What looks like a smart financial move can end up compromising sensitive information. Plenty of businesses, from healthcare to retail, have learned this the hard way. Data breaches tied to free platforms aren't rare, and the consequences can be serious. Just because a tool saves money doesn't mean it's the right choice. If it's not built to protect sensitive data, it might cost you and your customers much more down the road. Heimdal explored this issue to highlight how popular free software tools can weaken cybersecurity and what businesses (and consumers) can do to stay protected. Free software isn't really free. To stay in business, these tools often make money by tracking users, selling data, or running ads. They can collect user data by scanning emails, monitoring activity, or analyzing documents, and it's rarely clear how the data is used or stored. Without strong protections in place, customers can end up paying the price with lost privacy. Businesses might save a few dollars using free platforms, but the trade-off can mean weak security, intrusive advertising, and data leaks. Free platforms often lack essential security features like encryption, multi-factor authentication, and monitoring tools. These gaps can make sensitive information easier to access and exploit. Even trusted brands make compromises in their free versions. For example, Microsoft's no-cost Office stores files on OneDrive by default and displays ads. This setup raises concerns about privacy and control over users' stored content. The most troubling part is that customers don't choose these tools—businesses do. But when something goes wrong, it's the customers who suffer. Their data may be exposed, sold, or stolen. Free software might help balance a budget, but the real cost is often passed on to someone else. Legal and compliance risks Using free software can do more than risk data. It can also break the law. Industries like healthcare, finance, and legal services must follow strict compliance standards and data protection rules. Free tools may not be equipped with the features needed to meet those requirements. Take healthcare, for example. HIPAA requires encryption for patient emails containing health information, yet most free platforms don't offer that protection by default, which can lead to provider violations, fines, and lawsuits. Any business collecting customer information, such as emails, names, or payment details, has a legal obligation to safeguard it. The Federal Trade Commission (FTC) has outlined specific steps businesses should take after a breach, from notifying users to fixing the issue, and they don't take violations lightly. From retail to healthcare, real-world breaches show how cutting corners on tech can expose sensitive data, violate regulations, and damage trust. The following examples highlight what happens when cost-saving decisions put customers at risk. Retail and e-commerce data exposures Online shopping is convenient, but only if businesses keep customer data safe. Many small retailers use free or cheap tools to handle payments and store personal details. Without strong security, that choice can cause damage. Drizly's 2022 breach is a clear example. After ignoring known vulnerabilities, the alcohol delivery company and its CEO faced FTC action when millions of customer records were compromised. It's no longer in business. Insecure systems can lead to fraudulent charges, identity theft, and long-term credit damage for customers. Hackers can use leaked details to open accounts or apply for loans. Retailers may not intend harm, but skipping secure systems puts people at risk. Saving money shouldn't come at the cost of customer trust and safety. Small business service providers Law firms, consultants, and accountants often handle highly sensitive client data. But when they rely on free tools, they may be putting that information at risk. Free cloud storage isn't always secure, and file-sharing tools pose similar risks. Without alerts or monitoring, unauthorized access can go unnoticed, leaving confidential documents exposed. In 2024, Illinois-based accounting firm Legacy Professionals suffered a data breach that exposed the personal information of nearly 217,000 individuals, including Social Security numbers and health data. Multiple lawsuits were filed, alleging the firm failed to implement reasonable security measures or notify victims promptly. A single breach can shatter client trust in these types of businesses. Once it's broken, it's tough to rebuild. Plus, if data like Social Security numbers or banking info gets leaked, clients could face real financial harm. Healthcare privacy breaches Using free tools in healthcare puts providers at serious risk. Without proper security, these tools can lead to HIPAA violations. Take free email platforms, for example. If they don't encrypt messages, patient info gets exposed with every send. That kind of slip can trigger identity theft, insurance scams, and even job discrimination. Onsite Women's Health experienced this firsthand. In October 2024, the Massachusetts-based provider suffered an email data breach that exposed the personal details of over 350,000 people. Lawsuits followed, claiming the company didn't do enough to protect patient data. Customers can spot weak digital security if they know what to watch for. Many small businesses using free tools leave behind clues. One red flag? Free email addresses. A business sending messages from @ or @ might not be using secure, business-grade email services. Custom domains usually offer stronger protections. Sketchy websites are easy to spot if you know what to look for. No 'https,' a broken padlock, or browser warnings usually mean the site isn't secure. Pay close attention to payment pages. If you're redirected to a site you don't recognize or don't see trusted logos, that's a red flag. Maybe the system is outdated or missing encryption. Even random software ads can be a clue. They might mean the business is running on older, less secure tools. These signs aren't foolproof, but they help people protect their data. Business practices that signal risk Some businesses make it pretty easy to spot security problems if you know what to look for. Pay attention to how they handle your data. If they dodge security questions or give vague answers, that usually means their protections are weak or nonexistent. Privacy policies packed with generic language are another warning sign. If they don't say how data is stored, whether it's encrypted, or who can access it, they're probably not taking security seriously. Be wary if a company asks for info they don't need, like your birthdate, just to sign up for a newsletter. That usually means they're collecting data for marketing or even selling it. And if a tool forces everything into cloud storage without options, that's a hit to your control. No transparency? No real privacy. Before sharing your data Sharing personal information shouldn't be automatic. Before filling out a form or buying something online, consider how that business handles your data. Ask direct questions. How is your data stored? Is it encrypted? Who can access it? If the business can't answer clearly, that's a red flag. The FTC expects transparency, and so should you. Read the privacy policy. Look for details on data sharing, storage time, and security measures. If it's vague or hard to follow, that's not accidental. Do a little research. Check for HTTPS in the URL, valid security certificates, and online reviews. See if the company has had breaches or complaints. Trust your gut—if something feels off, walk away. A cautious pause now can save you headaches later. After your data has been shared Even if you're careful, breaches can still happen. Once a company has your information, it's smart to stay alert. Watch for unusual activity in your bank accounts, emails, and credit reports. Tools like credit monitoring or breach alerts can help you spot trouble early. You can also check online databases to see if a company you've used has been breached. If you feel something is wrong, act quickly. Change your passwords and freeze your credit if needed, then report the issue and keep records. The FTC offers a helpful guide for the next steps. Know your rights and don't stay silent. Depending on your location, you might qualify for credit monitoring or compensation, and you can report mishandling to the FTC, your state attorney general, or consumer protection agencies. Affordable alternatives to free software Businesses don't have to choose between overspending and risking security. Plenty of budget-friendly tools offer real protection without the downsides of free platforms. Many paid options are built for small businesses and include encryption, access controls, and support. When you consider the hidden risks of free software, affordable paid versions start to look like smart investments. Open-source tools can also be secure. Many are well-maintained and ad-free, but they may require IT support to set up properly. Using a risk assessment checklist (e.g., What data is stored? Who owns it? Is it updated regularly?) can help guide smart choices. Breaches can cost far more than subscriptions. Spending a little now can protect trust, data, and your bottom line later. Minimum security standards worth paying for Some security features are nonnegotiable when handling sensitive data. These protections are worth paying for: Automatic updates to fix vulnerabilities fast Strong logins with multi-factor authentication Encryption for data while it's moving and when it's stored Role-based access and audit logs to track who's doing what Backup and recovery systems in case something goes wrong These features cut the risk of breaches, protect your reputation, and keep you out of legal trouble. It's smart IT and smart business. Consumers aren't helpless when it comes to data protection. Speaking up and making informed choices can help push businesses to do better. Start by asking questions. Don't hesitate to ask how your data is stored, whether it's encrypted, or who has access. These conversations can nudge companies toward stronger security. Choose where you spend. Supporting businesses that invest in secure systems helps raise the standard. Avoiding those that cut corners sends a clear message. Stay informed. Know your rights and keep up with trends in data security. Stay alert. Use strong passwords, keep software updated, and monitor your accounts. Free software may offer convenience, but it often comes at a price—one that customers or clients may end up paying. Businesses and consumers alike have the power to change that. This story was produced by Heimdal and reviewed and distributed by Stacker.
Forbes
6 days ago
- Business
- Forbes
Microsoft OneDrive Mistake—Check Now If All Your Files Have Been Shared
Check your settings now. A new security report warns that millions of users have likely provided 'ChatGPT and other web apps full read access to [their] entire OneDrive" without realizing. Given how easy a mistake this is to make, users are urged to check their settings immediately. The team at Oasis Security estimates 'that hundreds of apps are affected, including ChatGPT, Slack, Trello, and ClickUp — meaning millions of users may have already granted these apps access to their OneDrive. This flaw could have severe consequences, including customer data leakage and violation of compliance regulations.' The flaw stems from the way in which OneDrive's File Picker works. When users think they're sharing a single file, they're likely sharing everything. 'The official OneDrive File Picker implementation requests read access to the entire drive – even when uploading just a single file – due to the lack of fine-grained OAuth scopes for OneDrive.' Oasis Security says they have advised Microsoft and others of the issue, but there have been no changes and so the onus is on users to check their settings. 'While users are prompted to provide consent before completing an upload, the prompt's vague and unclear language does not communicate the level of access being granted." Most of the likely file sharing is accidental, but this flaw also 'makes it impossible for users to distinguish between malicious apps that target all files and legitimate apps that ask for excessive permissions simply because there is no other secure option.' And now the flaw has been publicly highlighted, it's an invitation for abuse. Oasis Security warns that the lack of 'fine-grained OAuth scope' combined with the vague prompt presented to users 'is a dangerous combination that puts both personal and enterprise users at risk.' The mitigation is as follows: For enterprises, mitigation is different: I have reached out to Microsoft for any comments on the new report and advice for OneDrive users. The full report into this security flaw is here. Black Duck's Jamie Boote warns 'many people forget how vital the data in their OneDrive folders often are – scanned documents that end up in the 'My Pictures' or 'My Documents' folders may hold the key to one's credit identity and profile. Whenever an app asks if you trust it, you're trusting it with your most precious data.'
Techday NZ
23-05-2025
- Business
- Techday NZ
Looking ahead: The future of AI-driven workflows
As a society, we have undergone a major transformation in just a few short years in the realm of artificial intelligence (AI). AI has moved from being a niche technological advantage to becoming a mainstream pillar of modern business operation. The question has transitioned from should we implement AI, to how we should implement AI in our businesses. This poses the question, how do modern businesses harness the benefits of AI efficiently, securely and with optimal integration into existing digital infrastructure? As we contemplate the future of business and where the evolution will take us, it's becoming clear that AI is poised to automate not only mundane, repetitive tasks but how we communicate, collaborate and add value. The transformation is set to be led by AI tools like chatbots, designed to integrate into existing workflows, streamlining operations and evaluating customer experience. The evolution of automation to workflow intelligence Legacy automation was marked by rigid systems that required intensive setup and ongoing maintenance. By contrast, today's AI technology brings with it contextual awareness that can interpret language patterns, anticipate user needs in real time and automatically adapt as needed. Businesses can now deploy sophisticated AI tools in minutes that support both internal functions and customer facing interactions seamlessly. Intuitive AI is democratising automation. Only a few short years ago, automation and AI was a luxury only afforded to large enterprises with similarly large budgets but now the benefits of AI can be extended to small and medium sized businesses at minimal costs. Failure to embrace the AI revolution means falling behind and losing your competitive edge. The emerging role of chatbots in businesses today It's becoming evident that the role of chatbots goes beyond simple digital assistance. Chatbots are becoming a business-critical workflow engine that reduces customer service loads, manages internal process compliance and facilitates employee training and onboarding. Looking to the next decade, we can expect to see chatbots take on more strategic roles. Even now, businesses are increasingly embedding automation into daily operations. Integration into common platforms like Microsoft OneDrive means that users can easily retrieve documents, trigger new workflows and even gain surface insights, all without leaving the chatbot interface. Imagine a sales team that can source product specification documents from OneDrive automatically, using a single chatbot. Or perhaps a customer support team member who can order a return of an item and have the logistics record updated, all with a single command. This might seem impressive now, but this degree of automation is soon to be the standard. Looking to the next decade Given the rapid advancement of AI since its inception, we can expect to see five key trends that will shape the next decade of AI deployment: 1. Hyper-personalisation at scale AI will increasingly create bespoke responses and actions to individual users, informed by contextual data and preferences. Chatbots will "learn" the working styles of each team member or customer, improving relevance and efficiency. 2. Cross-platform interoperability No single tool operates in a silo. The most valuable AI solutions will integrate with workplace ecosystems like Microsoft 365, Slack, and CRMs, becoming the connective tissue across different departments. 3. Voice activation and multimodal interaction The future isn't just text. Voice-enabled workflows, visual dashboards, and multimedia support will make AI interactions more natural and user friendly. 4. AI for compliance and governance We can expect AI tools to proactively guide employees through processes, flag risks, and ensure documentation is handled according to specific policies. AI will be a silent compliance partner, keeping teams on track. 5. More emphasis on ease of use and security While capabilities will steadily become more powerful, the user experience must stay simple and intuitive. Chatbots will lead the way with effortless, secure, and no-code deployment, ensuring the technology supports daily operations. Accessibility matters The future of AI hinges on widespread accessibility and simplicity. Small to medium sized businesses need tools that are intuitive, easy to integrate, require little training and provide immediate value. The next chapter of digital transformation will see AI working alongside humans to provide even greater value to business processes. Automating the mundane allows for humans to focus on more high value and creative activities. The next decade will be marked by smarter workflows that result in smarter outcomes. AI will no longer be an accessory to modern business; it will be the invisible engine that powers successful workflows. AI will pave the way for secure, scalable and intuitive solutions ready to power us into the AI driven future.
