A fair amount of business users remain oblivious or unconcerned about many of the security issues involved with mobile devices, according to a new study published by Cisco and the National Cyber Security Alliance.
While a greater number of business users are carrying laptop computers and mobile handhelds every year, a good number of people either ignore security threats related to the machines or policies meant to protect them from attack or data loss, the report finds.
Cisco and the NCSA cite IDC research which predicts that roughly 70 percent of all workers in the United States will be armed with some sort of mobile device by 2009. Another piece of research cited in the report and published by Korn/Ferry concludes that 81 percent of all business executives worldwide are already using mobiles of some kind.
Based on those figures and their findings, the report authors said that a great deal of end-user education still needs to occur to help people avoid making bad decisions in protecting mobile devices against potential attacks or data loss.
In the study, which was carried out via interviews with 700 business people who use mobile devices in the United States, United Kingdom, Germany, China, India, South Korea, and Singapore, the researchers contend that the situation merits an increased focus on helping organizations to overcome the lack of acknowledgement of potential security problems among users.
The interviews themselves were carried out by independent research firm InsightExpress.
According to the report, some 73 percent of those surveyed said they do not always consider security issues when using their mobile devices, and 28 percent admitted that they hardly ever give thought to adhering to recommended procedures.
When pushed for the reasons why they failed to consider potential moble security risks, most users said they were more focused on getting their work done as quickly as possible.
Logging on to unknown or untrusted sources of wireless Internet access remains one of the most significant issues, the researchers said, with roughly one-third of all respondents admitting that they have done so at times. Users in China were the most grievous offenders, with 54 percent of those users saying they’ve gone onto unknown wireless networks, followed by users in Germany (46 percent) and South Korea (44 percent).
Many respondents claimed that they couldn’t initially tell when they were doing so or only did so when their own networks weren’t up and running, while others admitted they simply wanted free access. As in the world of e-mail, the practice of opening messages or attachments from unverified sources remains a major issue in the mobile sector, according to the report. The mistake is amplified by the knowledge that most of today’s mobile malware threats demand such user interaction to get onto devices in the first place. Education is the key to security
Some 44 percent of those surveyed said that they have opened messages or attachments from unknown sources. Part of the problem is that 76 percent of those interviewed said that they have a hard time differentiating such messages from legitimate content. The smaller screen size of handheld devices was cited as a primary contributor to the problem.
Experts said that educating end-users will play the most important role in righting the existing issues of perception over mobile security because the biggest problems are related to process, versus tangible threats, at this point.
“While this study shows mobility provides businesses with new risks, so do other Internet services and new technologies,” Ron Teixeira, executive director of NCSA, said in a report summary. “Mobility and the Internet can be used securely and safely if businesses institute a culture of security within their workforce by providing their employees with continuous cyber security awareness and education programs.”
Among the tips offered to improve mobile worker behavior by the NCSA — a nonprofit dedicated to advancing public awareness of security and privacy issues — are for users to adopt mobile device passwords, use anti-virus programs, download any recommended security patches, and back up all important content on their machines.
The group also advises users to encrypt sensitive data stored on mobiles and for businesses to have a response plan in place for handling wireless security incidents.
On a higher level, organizations should attempt to “marry” education with technological protections for both networks and devices, according to the report.
“What’s key is knowing that the issues outlined in this study can be addressed,” said Jeff Platon, vice president of security solutions at Cisco. “Technology is important in helping to resolve security issues for wireless mobile users, but education and communication are proactive measures IT can take to help address corporate security and generate greater ROI on their investments.”
“IT should be a strategic asset to the business, enabling business process transformation and unlocking the power of collaboration,” said Platon. “As more workers become mobile, proactively educating them to practice good security behavior should be a key tenet of any business’ approach to IT security, and risk management.”