Feeds

Lax mobile security leaves UK.biz at risk

An accident waiting to happen, apparently

Securing Web Applications Made Simple and Scalable

Confusion and lack of leadership is leaving many UK businesses exposed to mobile security risks, according to a new study.

Four in five (80 per cent) of 2,035 IT pros surveyed by market analyst firm Quocirca, say ordinary workers constitute the main mobile security threat.

But one in five companies that already have a wide deployment of mobile devices (such as wireless PDAs and smartphones) admit they've failed to implement effective security policies.

Even among respondents that have mobile security policies, three in five (60 per cent) admit the policies are not enforced. This raises questions about leadership within organisations and whether senior staff are treating security as a high enough priority, according to mobile telco Orange, which sponsored the online study.

"Responsibility for security is being placed firmly in the hands of the user, but it's essential that attitudes change and security becomes a shared responsibility between the company and the employee," says Alastair MacLeod, vice president of Orange Business Solutions UK. "There are a number of simple ways to encourage responsible behavior and the first obvious step is to set out a sensible security policy and to engage users through consultation, not prescription. Communication is key."

The survey found business managers were content to leave staff - rather than IT managers or the board - responsible for the data security of mobile devices. Staff were often given a choice over what device they wanted, and the use of passwords or PIN protection was often left up to to them. Even firms with a better understanding of mobile workings frequently failed to keep track of devices or take steps to provide access to corporate resources in a controlled manner.

"There is widespread naivety and neglect in handheld device security," said Rob Bamforth, principal analyst at Quocirca. "However, it is important to realise that both employees and employers have to play their part. Organisations have a duty to develop, communicate and enforce an effective security policy which employees should understand and abide by. Since some users will still have a lax attitude, businesses should place a safety net of measures to deal with the most likely eventualities including backup and contingency planning." ®

The smart choice: opportunity from uncertainty

More from The Register

next story
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.