IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

Employee carelessness poses security risk to businesses

Trend Micro report highlights perils of mobile device loss and Wi-Fi hijacking

Sensitive business data is being put at risk by the thoughtless behaviour of employees, a new report by Trend Micro has found.

The survey of 2,500 UK adults, published in a report entitled Britain's culture of carelessness with mobile devices, found over a quarter of smartphone users have had up to three work devices lost or stolen, and 63 per cent have no password protection on their phone at all.

The Tube is the most likely place for a phone to be lost or stolen in London (26 per cent), with the District and Circle lines proving to be particular blackspots.

A bar is the second most likely place for a smartphone to disappear (22 per cent), followed by a cafe (11 per cent) and a restaurant (8 per cent), according to the report.

At a roundtable to discuss the report's findings, representatives from Trend Micro, information security consultancy First Base, and law firm Taylor Wessing said the implications were clear for business.

James Walker, a security specialist at Trend Micro, said: "We talk about a watering hole from the point of view of compromising a website, [but if I were a criminal] I could know a bar where a certain target organisation would drink in after work, I could steal a mobile phone that's not password protected, send out a lot of phishing emails to lots of contacts within the organisation... and compromise a lot of people."

Vinod Bange, a partner at Taylor Wessing, added: "If you have an employee within an organisation who kept going to the accounts team and saying can I have 300 from petty cash please?' and came back the following day saying I lost it, can I have another 300?' and then the next day said sorry, I did it again, can I have another [300]?'   Who would do that?

"That is because cash is treated in a very particular way and it is about time organisations drew that link to treat information assets, whether it's personal data, confidential IP, or whatever it happens to be with the same degree of [restrictions]."

The report also examined the potential for data loss when using public Wi-Fi hotspots.

A team of ethical hackers from First Base used apps that were openly available on Google Play to clone a recognised Wi-Fi network, which volunteers' devices would then connect to automatically.

A hacker using this type of attack, known as an evil twin', is then able to see all the data sent, including sensitive corporate data and things that would normally be encrypted, like passwords. They could also restore sessions, to further mine data collected during the attack.

The volunteer victims' involved in these experiments said they felt scared that such an attacking method exists and that their privacy had been violated, even though it was just a simulation.

Featured Resources

Four strategies for building a hybrid workplace that works

All indications are that the future of work is hybrid, if it's not here already

Free webinar

The digital marketer’s guide to contextual insights and trends

How to use contextual intelligence to uncover new insights and inform strategies

Free Download

Ransomware and Microsoft 365 for business

What you need to know about reducing ransomware risk

Free Download

Building a modern strategy for analytics and machine learning success

Turning into business value

Free Download

Recommended

The secure cloud configuration imperative
Whitepaper

The secure cloud configuration imperative

7 Mar 2022
The secure cloud configuration imperative
Whitepaper

The secure cloud configuration imperative

7 Mar 2022
Trend Micro Worry-Free Business Security review: Great cloud-managed malware protection
endpoint security

Trend Micro Worry-Free Business Security review: Great cloud-managed malware protection

7 Dec 2021
Access brokers are making it easier for ransomware operators to attack businesses
cyber security

Access brokers are making it easier for ransomware operators to attack businesses

1 Dec 2021

Most Popular

Windows Server admins say latest Patch Tuesday broke authentication policies
Server & storage

Windows Server admins say latest Patch Tuesday broke authentication policies

12 May 2022
Costa Rica declares state of emergency following Conti ransomware attack
ransomware

Costa Rica declares state of emergency following Conti ransomware attack

10 May 2022
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022