Smartphones pose a greater security risk than mobile storage devices and laptops

(05/06/2008)

According to a survey released by Credant Technologies, with the wide-scale adoption of smartphones within organisations, a staggering 94% of IT Security professionals believe that these devices pose more of a security risk to companies than mobile storage devices (88%) and laptops (79%).

In fact, over half of the security conscious respondents (56%) surprisingly confessed to ‘not bothering’ to use a password every time they used their own mobile/smartphone – the most basic security precaution and often the first line in defence. Billions is being spent on information security yet companies are leaving their back doors and windows wide open by allowing uncontrolled devices access risking sabotage, hacking and exploitation.

The issue is that, unlike corporate laptops, the majority of these rogue devices are personally owned yet they are still being granted access to the corporate network without additional security (91%) or restrictions (81%) applied.

Fundamentally it’s a case of the owner being ignorant to the risk posed by their actions. In reality, these devices are easy pickings for an opportunist who gets their hands on one, if lost or stolen, and with a little bit of knowledge could then use the information stored on it to take over the ID of the legitimate owner and gain access to the network!

The reality of such a breach will make headline news causing financial implications, embarrassment, brand damage and even customer erosion – it’s only a matter of time before the first violation involving a smartphone is reported.

The underlying issue is overlooking the risk posed by insecure end-points and mobile devices with little or no controls in place to contain them. Organisations are obliged to have security policies as part of their regulatory compliance yet an incredible 71% do not cover the use of mobile/smartphones with 68% choosing to ignore USBs/MP3s and other storage devices - almost entirely and blissfully overlooking the security implications.

88% of the people surveyed think that mobile storage devices are a security risk, with this figure increasing to 94% for companies employing more than 1,000 people, so surely its time for their inclusion in the security policy – it’s the very least that should be done. Ignorance can no longer be used as an excuse.

Perhaps the most startling figure in this research is that 79% of respondents still feel that laptops pose a security risk. This is evident in the number of organisations having to hold their hands up to having had an unprotected device lost or stolen as was the case for Nationwide, HMRC and Bank of Ireland to name just a few in recent months. 40% of those surveyed confirm that data contained on their laptops is encrypted but that still leaves a further 60% who believe that their information isn’t worth protecting – let’s hope they’re not proved wrong.

“I’m really shocked by the results of this survey, especially given the current security climate and the level of knowledge of the sample, that this practice goes on in organisations today” remarked Peter Mitteregger, European Vice President for Credant Technologies. “Companies need to regain control of these devices, and the data that they are carrying, or risk finding their investment in securing the enterprise misplaced and woefully inadequate. Cost effective solutions exist to mitigate the risks posed by these endpoints after all, there’s no point employing leading technology to secure the front door if the back door’s left wide open!”

Related topics:  Computer and PC Security   Data management and data security   Encryption   Mobile and Wireless Security   Security management and policies 

Print version | Email to a friend | Related articles

Data breaches: Trends, costs and best practices gives you all the latest information on securing personal and corporate data, key recommendations for immediate action to improve data security, and how to respond to data breaches.

Other Security news and resources