As advances in personal digital assistants (PDAs) and smart cellphones have made them as powerful as desktop computers, employees are purchasing them in greater numbers and connecting them to their employers' computer systems. According to a survey conducted by TNS NFO (formerly NFO WorldGroup), 86% of employers knowingly permit these employee mobile devices, yet nearly the same number - 83.6% of employers - have failed to set usage guidelines for these devices, leaving their computer systems vulnerable to malicious code attacks and information theft.
Employees are not any more aware than their employers of the threat their mobile devices pose to computer systems. The survey also found that 74.6% of employees that use personal mobile devices either do not have, or do not know whether they have, any security protection on their PDAs or smart phones.
"Businesses worry a lot today about front-end attacks from hackers and how to stop them," said Tom Goodman, vice president of operations for Bluefire Security Technologies, the firm that commissioned the survey. "However, they have not paid very much attention to the equally dangerous back-end threat coming from employees connecting their high-powered handheld devices to their enterprise networks."
Serious risk exists when an employee places a mobile device into an in- office cradle, because the device is recognized by the company network as a trusted user and given clearance to access mission-critical information behind the network security protection. A business competitor could then gain free access to a company's entire database, and a sophisticated hacker could enter a corporate network through the device and use it to plant a computer program that would send information back to the source, undetected for an extended period of time.
The survey polled users of handheld devices from a weighted sample of Internet-connected households. In addition to the findings regarding the business use of employee handhelds, the study also found that consumers store vulnerable confidential information on their devices.
Only 9.5% of respondents, however, thought they would be embarrassed if someone stole any of this confidential information and posted it on the Internet.
"Consumers are clearly storing personal information considered private on their mobile devices, while employees using these devices for business are very likely storing data that their employers would regard as confidential," said Goodman. "Implementing a proactive mobile security strategy for employee-owned devices can not only protect a corporation from potential security problems, but it will also provide a platform for broader mobile enterprise planning. By centrally managing what these devices can access, store and process, an organization can safely and effectively manage its mobile workforce."
Posted to the site on 30th March 2004
Posted to: www.cellular-news.com/story/10936.php