Feeds

Lax mobile security leaves UK.biz at risk

An accident waiting to happen, apparently

Combat fraud and increase customer satisfaction

Confusion and lack of leadership is leaving many UK businesses exposed to mobile security risks, according to a new study.

Four in five (80 per cent) of 2,035 IT pros surveyed by market analyst firm Quocirca, say ordinary workers constitute the main mobile security threat.

But one in five companies that already have a wide deployment of mobile devices (such as wireless PDAs and smartphones) admit they've failed to implement effective security policies.

Even among respondents that have mobile security policies, three in five (60 per cent) admit the policies are not enforced. This raises questions about leadership within organisations and whether senior staff are treating security as a high enough priority, according to mobile telco Orange, which sponsored the online study.

"Responsibility for security is being placed firmly in the hands of the user, but it's essential that attitudes change and security becomes a shared responsibility between the company and the employee," says Alastair MacLeod, vice president of Orange Business Solutions UK. "There are a number of simple ways to encourage responsible behavior and the first obvious step is to set out a sensible security policy and to engage users through consultation, not prescription. Communication is key."

The survey found business managers were content to leave staff - rather than IT managers or the board - responsible for the data security of mobile devices. Staff were often given a choice over what device they wanted, and the use of passwords or PIN protection was often left up to to them. Even firms with a better understanding of mobile workings frequently failed to keep track of devices or take steps to provide access to corporate resources in a controlled manner.

"There is widespread naivety and neglect in handheld device security," said Rob Bamforth, principal analyst at Quocirca. "However, it is important to realise that both employees and employers have to play their part. Organisations have a duty to develop, communicate and enforce an effective security policy which employees should understand and abide by. Since some users will still have a lax attitude, businesses should place a safety net of measures to deal with the most likely eventualities including backup and contingency planning." ®

SANS - Survey on application security programs

Whitepapers

Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.