Are Your Employees Compromising Your Company’s Sensitive Information with Unsecured Mobile Devices?

Facebooktwittergoogle_plusredditpinterestlinkedinmail

Mobile devices have revolutionized the workplace by making near-instant response times possible outside of normal work hours. Who among us hasn’t worked into the night during a hotel stay or answered company email at Starbucks?  But when employees use unsecured  devices such as laptops, tablets, smartphones and USB devices to do that, they greatly increase the risk to company networks and their sensitive data.

 

Mobile Devices Pose a Huge Threat to Corporate Security

That’s the conclusion of the new Global Study on Mobility Risks sponsored by Websense and independently conducted by Ponemon Institute.  The February, 2012 study of over 4600 IT security practitioners in the 12 countries found that, during the past year, 51% of the organizations surveyed experienced data loss resulting from employee use of unsecured mobile devices.  Over 30% of respondents said these devices were responsible for an increase of more than 50% in malware infections.

The consequences of the data breaches were serious. They included theft, removal or loss of information and/or other resources (38%); and disclosure of private or confidential information (38%).

According to Websense, companies make significant investments in encryption and endpoint security.  But many don’t know how data and what data is leaving through insecure mobile devices. Those surveyed said that personal devices pose just as much risk as insecure corporate mobile devices.

Have Laptop Will Travel Can Be Bad for Business

 

This complaint sent to the Federal Trade Commission by a hacking victim reveals just how easy it is for cybercriminals to access sensitive information through mobile devices:  During a business trip, a company employee surfed websites at public Wifi hotspots.  But it was only after returning home that he noticed that his laptop had been hacked.  Click-tracker and an off-site vault had been set up.  The anti-virus software had been disabled; and the on/off switch for wireless transmission had been locked in the “on” position. The employee’s personal identifying information had been compromised.  Hack attacks like that happen countless times each day at Wifi hotspots; and they’re surprisingly easy to execute.

A 2011 report by Carnegie Mellon CyLab in cooperation with the security firm McAfee found that company employees are increasingly compromising critical business data by keeping it on their laptops.  The survey of 1500 respondents in 14 countries revealed that 72% of wireless devices used for work are laptops. One in three employees kept sensitive work-related information on their mobile devices.  And 63% of work- issued mobile devices were being used for personal activities.

Clearly, it would be unrealistic to try to prevent employees from using company-issued and personal mobile devices at unsecured wireless locations.  But that means the onus is on companies to make sure their mobile devices are secure.

Address the Risks That Mobile Devices Pose in the Workplace

 

Do a security audit to learn what practices are putting your company at risk.  Create a comprehensive mobile device policy for all employees and contractors and make sure they understand it.

 

  • Ensure that firewalls turned on, virus and malware protection is updated and scans are run frequently on mobile devices.
  • Make long strong passwords a priority.  That means ones composed of  a combination of 8 to 20 upper and lower case letters, numbers and characters that are difficult for hackers to guess or crack.
  • Instruct employees to connect to Wifi networks manually (“access point”), instead of automatically (“ad hoc” or “peer to peer.”)  This will help prevent them from connecting to rogue networks designed to steal sensitive information.
  • Make sure they disable file sharing before using Wifi hotspots and other unsecured wireless connections.
  • Ask employees to disable the wireless connections on their mobile devices when they’re not using them.
  • Limit the sensitive information on your network.
  • If your employees need to access sensitive information and email from unsecured wireless networks, a virtual private network solution like PRIVATE Wifi™ is a necessity. VPNs encrypt the data traveling to and from computers. That makes it invisible to hackers.

Was your organization’s network hacked because an employee used an unsecured mobile device?  If so, we’d like to hear what happened.  Drop us a line and share your story.

 

Get Private Wifi   Protect your personal information.
Get DataCompress   Cut your mobile data usage.

Jan Legnitto

Jan Legnitto is an investigative journalist and documentary producer who writes about criminal justice and intelligence issues. Jan is also a frequent contributor to the Private I blogs.