With the wide-scale adoption of smartphones within organisations, 94pc of IT Security professionals believe that these devices pose more of a security risk to companies than mobile storage devices (88pc) and laptops (79pc).
That’s according to a survey released today by Credant Technologies, an endpoint data protection product firm, carried out among 300 senior IT professionals. Over half of the security conscious respondents (56pc) confessed to ‘not bothering’ to use a password every time they used their own mobile/smartphone – the most basic security precaution and often the first line in defence. Billions is being spent on information security yet companies are leaving their back doors and windows wide open by allowing uncontrolled devices access risking sabotage, hacking and exploitation, it is claimed.
Smartphones, users
The issue is that, unlike corporate laptops, the majority of these rogue devices are personally owned yet they are still being granted access to the corporate network without additional security (91pc) or restrictions (81pc) applied.
Fundamentally it’s a case of the owner being ignorant to the risk posed by their actions. In reality, these devices are easy pickings for an opportunist who gets their hands on one, if lost or stolen, and with a little bit of knowledge could then use the information stored on it to take over the ID of the legitimate owner and gain access to the network! it is claimed. The reality of such a breach will make headline news causing financial implications, embarrassment, brand damage and even customer erosion – it’s only a matter of time before the first violation involving a smartphone is reported, it is claimed.
Your policy
The underlying issue is overlooking the risk posed by insecure end-points and mobile devices with little or no controls in place to contain them. Organisations are obliged to have security policies as part of their regulatory compliance yet 71pc do not cover the use of mobile or smartphones with 68pc choosing to ignore USBs/MP3s and other storage devices – almost entirely and blissfully overlooking the security implications. Some 88pc of the people surveyed think that mobile storage devices are a security risk, with this figure increasing to 94pc for companies employing more than 1,000 people.
Laptop lethargy
Some 79pc of respondents still feel that laptops pose a security risk. This is evident in the number of organisations having to hold their hands up to having had an unprotected device lost or stolen as was the case for Nationwide, HMRC and Bank of Ireland to name just a few in recent months. Some 40pc of those surveyed confirm that data contained on their laptops is encrypted but that still leaves a further 60pc who believe that their information isn’t worth protecting – let’s hope they’re not proved wrong.
“I’m really shocked by the results of this survey, especially given the current security climate and the level of knowledge of the sample, that this practice goes on in organisations today!” remarked Peter Mitteregger, European Vice President for Credant Technologies. “Companies need to regain control of these devices, and the data that they are carrying, or risk finding their investment in securing the enterprise misplaced and woefully inadequate. Cost effective solutions exist to mitigate the risks posed by these endpoints after all, there’s no point employing leading technology to secure the front door if the back door’s left wide open!”
