A survey of 1,000 UK consumers by ESET found that 44 per cent of respondents will be taking their work-enabled mobile device abroad this year. While 67 per cent of respondents will carry work-related data on the mobile device they take on holiday; over a third admit to having no security on the device whatsoever.
In addition to this, 35 per cent of respondents admitted that they don’t check or even care if the Wi-Fi networks they connect to on holiday are secure and private.
Mark James, a security expert at ESET UK, said, “The unfortunate reality is that employees don’t seem to worry about how secure the information on their mobile device is when they are on holiday, and could therefore be putting sensitive data at risk.
“However, what employees must realise is that when they access corporate information from a mobile device, whether it’s personal or company owned, if it’s misplaced, then the corporate data it contains is at risk and no-one cares if you were on ‘a break’.
“My advice to organisations is to recognise that staff may work while on holiday and therefore take appropriate security precautions. This could include implementing security on all devices which contain corporate data and providing guidelines around connecting over public Wi-Fi networks.”
Field product manager at Cisco, Sean Newman, said, “While employees generally do not set out to deliberately pose an IT security risk to their employer, this study shows that the majority of workers are likely to be more concerned about getting online than strictly following the IT security policy. As such, security systems have to be designed to take on board the evolving work life patterns of the modern workforce.
“The upshot for companies is that there is no silver bullet when it comes to IT security. In the era of increased mobility of employees, they need to ensure they have full visibility across their network in order to spot unusual activities of behaviour.
“While businesses must realise that it’s not a matter of if they get attacked, but when and need to focus on setting their security accordingly, employees equally have their part to play by avoiding unsecured Wi-Fi networks, especially for work-related tasks, and ensuring that they adhere to their companies’ IT policies at all times.”
This is compounded by news that the US Secret Service issued a warning to hotels with business centres on the dangers of keystroke-logging malware that records a user's activity as they type, making it feasible to steal personal and financial data, as well as passwords.
Toyin Adelakun, VP of products for security firm Sestus, advised users to treat business PCs and networks as hostile and to be vigilant. “Presume that they are malware-ridden and bug-infested and always sniffing for your passwords and other personally-identifiable information (PII)," he said.
"If you have to use outside networks, accord them a respectful suspicion and do not use them to log onto any service that needs your private passwords."
He also warned against using hotel or other hospitality networks for access to other services, such as email, social media, Internet banking and online retail, saying, "It’s not just hotel business centres — it’s any business centre, computer showroom, Internet café or airport lounge.”
The advisory was issued solely to hospitality companies on 10 July and warned that arrests had already been made in Texas of potential suspects involved with compromising computers within several major hotels.
Dan Raywood is editor of The IT Security Guru