With the wide-scale adoption of smartphones within organisations, a staggering 94% of IT Security professionals believe that these devices pose more of a security risk to companies than mobile storage devices (88%) and laptops (79%).
That’s the stark warning unearthed in a survey released today by Data Specialists Credant Technologies carried out amongst 300 senior IT professionals.
In fact, over half of the security conscious respondents (56%) surprisingly confessed to ‘not bothering’ to use a password every time they used their own mobile/smartphone – the most basic security precaution and often the first line in defence.
Billions are being spent on information security yet companies are leaving their back doors and windows wide open by allowing uncontrolled devices access risking sabotage, hacking and exploitation.
The issue is that, unlike corporate laptops, the majority of these rogue devices are personally owned yet they are still being granted access to the corporate network without additional security (91%) or restrictions (81%) applied. Fundamentally it’s a case of the owner being ignorant to the risk posed by their actions.
In reality, these devices are easy pickings for an opportunist who gets their hands on one, if lost or stolen, and with a little bit of knowledge could then use the information stored on it to take over the ID of the legitimate owner and gain access to the network!
The reality of such a breach will make headline news causing financial implications, embarrassment, brand damage and even customer erosion – it’s only a matter of time before the first violation involving a smartphone is reported.
The underlying issue is overlooking the risk posed by insecure end-points and mobile devices with little or no controls in place to contain them.
Organisations are obliged to have security policies as part of their regulatory compliance yet an incredible 71% do not cover the use of mobile/smartphones with 68% choosing to ignore USBs/MP3s and other storage devices - almost entirely and blissfully overlooking the security implications.
88% of the people surveyed think that mobile storage devices are a security risk, with this figure increasing to 94% for companies employing more than 1,000 people, so surely its time for their inclusion in the security policy – it’s the very least that should be done. Ignorance can no longer be used as an excuse.
Perhaps the most startling figure in this research is that 79% of respondents still feel that laptops pose a security risk.
This is evident in the number of organisations having to hold their hands up to having had an unprotected device lost or stolen as was the case for Nationwide, HMRC and Bank of Ireland to name just a few in recent months.
40% of those surveyed confirm that data contained on their laptops is encrypted but that still leaves a further 60% who believe that their information isn’t worth protecting – let’s hope they’re not proved wrong.