Almost 95% of IT security breaches can be attributed to some kind of human error. They say “to err is human,” and this definitely holds true for IT security. The rise of mobility, of laptops, smartphones and tablets, has resulted in a mobile workforce that introduces new data security challenges. A current area of concern is the use of mobile devices when traveling, which at the best of times increases data risk, and now is further amplified by new research indicating the insecurity of hotel WiFi.
In our Mobile Enterprise Risk Survey, we found that data security was being hampered by employees, who do not accurately value the corporate data on their devices, nor their role in protecting this data. The survey showed that 23% of the respondents believe that data security is “not their responsibility.” In reality, employee actions have the
Corporate data is constantly at risk on mobile devices; devices are routinely lost or stolen, employees use public WiFi, click on phishing links, bypass encryption, download unapproved apps or share the same password across corporate and personal services. There is a lot of “mobile mischief” going on that puts corporate data at risk, so organizations need to look at how to manage the use of devices, and educate staff, to avoid a costly data breach.
The FTC released an alert earlier this year warning travelers of the risks associated with hotel Wi-Fi, and a new report from Cylance suggests that 8 out of the top 10 hotel chains have vulnerable routers. Hackers are using security vulnerabilities in hotel WiFi to steal people’s passwords and other sensitive information, all of which could be used toward a subsequent attack against a corporate network. Earlier this year, we discussed the rise of a more targeted attack on business travellers through WiFi, targeting the laptops, phones and BYOD devices of executives as a prelude to corporate cyberattack.
What can IT do to protect devices in these situations?
With the proper training and IT support, backed with Persistence technology, organizations can make strides to offset the kinds of employee behaviour that put corporate data at risk.