Company data endangered by lack of BYOD security
The bring-your-own-device (BYOD) movement may be popular with employees, but it may also be putting corporate data at risk due to a lack of adequate security controls, employer policies and employee education, according to a survey conducted by Coalfire, an IT governance, risk and compliance services company.
Calling BYOD — where employees bring their smart phones, tablets and laptops to work and connect to corporate networks — a “megatrend,” Coalfire said that the movement toward employee-owned devices is introducing a number of new security risks and that companies need to do much more to protect their infrastructure.
“Gone are the days where security professionals can lock down a finite set of machines and facilities. Instead, they must manage an ever-growing, ever-changing landscape of employees, devices and applications, many of which have access to information that needs to be protected,” said Mike Weber and Christopher Lietz, authors of the report.
Mobile device security begins with a password
The study, based on a poll of approximately 400 non-IT department individuals in a variety of industries, found 47% of respondents have no passcode on their mobile phone, even though 84% of individuals stated that they use the same smart phone for personal and work usage.
Sixty-eight percent of respondents reported that they used a laptop, with 31% of those laptops having been issued to them by their company. Tablets were a distant third in the survey, used by only 20% of responders and are almost all owned by the employee.
Mobile device security appears to be best understood when a laptop is being used, the survey found: 80% of laptop users employ passwords. Only 58% of tablet users employ this important layer of protection.
When they learned that a strong password meant using at least 8 characters, including letters, numbers and symbols, just half of smart phone user respondents claimed to have strong passwords. Tablet and laptop users were more confident, with 62% and 76% claiming to have strong passwords.
Risky mobile device behaviors
Another set of questions in the survey focused on user behavior, specifically the susceptibility in using insecure networks, email phishing, malware downloads, shared passwords and plain bad practices.
Six in 10 respondents said they still write passwords down on a piece of paper while 36% of workers said they reuse the same password for different accounts. Thirty-two percent admitted to having joined unsecured, public Wi-Fi networks. Nearly four in 10 confessed to having clicked on links from emails purporting to be from financial institutions, a common phishing trap, while half of respondents said they clicked on links through social media.
“This is especially worrisome when coupled with users’ access privileges,” the authors wrote.
Thirty percent of smartphone users acknowledged that they have access to sensitive information, and another 16% weren’t sure if they have such access. Tablet users gave similar responses (34% and 13%, respectively).
Company policies also to blame for weak BYOD security
Employees are not solely to blame for potential security risks associated with BYOD.
Sixty-one percent of respondents said they had no knowledge of a company social media policy, and 62% said the same about policies for mobile device usage. “In conducting an IT security review, our auditors often find that our clients have policies, but employees don’t know about them,” Coalfire said.
Only 25% of the survey takers reported a discussion from IT about mobile security, and a whopping 79% of respondents didn’t know that IT could deactivate and erase the data on lost devices.
Recommendations to help secure data on mobile devices
Coalfire offered the following recommendations:
• Create a mobile device policy and communicate it early and often. Make sure your employees read and sign off on the policy. Then conduct training and test proficiency.
• Use all methods available to control access to company data on mobile devices. Some of the most effective mobile device management and network access control solutions include capabilities that already exist as features of your enterprise communication platform, the authors wrote.
• Be aware of what employees can access with their devices and zealously enforce strong passwords and password rotation.
• Regularly test your defenses to make sure that infected machines and careless users don’t place your organization in jeopardy.
“Mobile devices have arrived in the workplace, and it’s a win-win situation when employees provision their own devices, helping to lower costs and increase productivity. But you must know the risks and manage them,” the authors concluded.
Roy Maurer is a staff writer for SHRM.
Have HR-related questions and concerns? Get access to essential forms, policies and guides, plus a live call center, at ToolkitHR.com, powered by HCN and the Society for Human Resource Management (SHRM).
S&P/Case-Shiller index fuels hope for a comeback
The S&P/Case Shiller Home Price Indeces showed positive annual growth rates in three key metrics for the first time since the summer of 2010.
“Home prices gained in the second quarter,” said David M. Blitzer, chairman of the Indx Committee at S&P Dow Jones Indices. “In this month’s report, all three composites and all 20 cities improved both in June and through the entire second quarter of 2012.”
Specifically, the National Composite increased by 6.9% in the second quarter; and the 10-and 20-cty composites were up 5.8% and 6.0%, respectively.
Charlotte and Dallas, however, saw annual rates of change get worse in June. All the other 18 cities on the index saw improvement, and 13 of those had a positive trend.
The S&P press release analyzed the numbers this way: “We seem to be witnessing exactly what we needed for a sustained recovery; monthly increases coupled with improving annual rates of change. The market may have finally turned around.”
No comments found
Confidence Index turns south
The Conference Board Consumer Confidence Index declined to its lowest level since November 2011, hitting a reading of 60.6 in August.
The Consumer Confidence Index fell in August to 60.6, down from a revised 65.4 in July. The latest figure marks the lowest index reading since November 2011.
"A more pessimistic outlook was the primary reason for this month’s decline in confidence,” said Lynn Franco, director of economic indicators at The Conference Board, which produces the index. “Consumers were more apprehensive about business and employment prospects, but more optimistic about their financial prospects despite rising inflation expectations. Consumers’ assessment of current conditions was virtually unchanged, suggesting no significant pickup or deterioration in the pace of growth."
Consumers’ assessment of current conditions was little changed in August. Those claiming business conditions are "good" improved to 15.2% from 13.7%, while those saying business conditions are "bad" was unchanged at 34.4%.
The percentage of consumers expecting business conditions to improve over the next six months declined to 16.5% from 19.0%, while those anticipating business conditions will worsen increased to 17.7% from 15.1%.
According to a Commerce
According to a Commerce Department report Monday, consumers spent more in September. That means consumer confidence increased, even as the savings rate of customers disappeared for the 3rd month in a row. Read more here: Consumer spending is up, personal savings down.