Employee carelessness poses security risk to businesses

Trend Micro report highlights perils of mobile device loss and Wi-Fi hijacking

Sensitive business data is being put at risk by the thoughtless behaviour of employees, a new report by Trend Micro has found.

The survey of 2,500 UK adults, published in a report entitled Britain's culture of carelessness with mobile devices, found over a quarter of smartphone users have had up to three work devices lost or stolen, and 63 per cent have no password protection on their phone at all.

The Tube is the most likely place for a phone to be lost or stolen in London (26 per cent), with the District and Circle lines proving to be particular blackspots.

A bar is the second most likely place for a smartphone to disappear (22 per cent), followed by a cafe (11 per cent) and a restaurant (8 per cent), according to the report.

At a roundtable to discuss the report's findings, representatives from Trend Micro, information security consultancy First Base, and law firm Taylor Wessing said the implications were clear for business.

James Walker, a security specialist at Trend Micro, said: "We talk about a watering hole from the point of view of compromising a website, [but if I were a criminal] I could know a bar where a certain target organisation would drink in after work, I could steal a mobile phone that's not password protected, send out a lot of phishing emails to lots of contacts within the organisation... and compromise a lot of people."

Vinod Bange, a partner at Taylor Wessing, added: "If you have an employee within an organisation who kept going to the accounts team and saying can I have 300 from petty cash please?' and came back the following day saying I lost it, can I have another 300?' and then the next day said sorry, I did it again, can I have another [300]?'   Who would do that?

"That is because cash is treated in a very particular way and it is about time organisations drew that link to treat information assets, whether it's personal data, confidential IP, or whatever it happens to be with the same degree of [restrictions]."

The report also examined the potential for data loss when using public Wi-Fi hotspots.

A team of ethical hackers from First Base used apps that were openly available on Google Play to clone a recognised Wi-Fi network, which volunteers' devices would then connect to automatically.

A hacker using this type of attack, known as an evil twin', is then able to see all the data sent, including sensitive corporate data and things that would normally be encrypted, like passwords. They could also restore sessions, to further mine data collected during the attack.

The volunteer victims' involved in these experiments said they felt scared that such an attacking method exists and that their privacy had been violated, even though it was just a simulation.

Featured Resources

How to scale your organisation in the cloud

How to overcome common scaling challenges and choose the right scalable cloud service

Download now

The people factor: A critical ingredient for intelligent communications

How to improve communication within your business

Download now

Future of video conferencing

Optimising video conferencing features to achieve business goals

Download now

Improving cyber security for remote working

13 recommendations for security from any location

Download now

Recommended

Malicious ‘dependency confusion’ packages are stealing password files
hacking

Malicious ‘dependency confusion’ packages are stealing password files

2 Mar 2021
AOL users are the target of a new phishing campaign
phishing

AOL users are the target of a new phishing campaign

1 Mar 2021
Lazarus APT hacking group is targeting the defense industry
Security

Lazarus APT hacking group is targeting the defense industry

26 Feb 2021
FedEx and DHL phishing emails target Microsoft users
phishing

FedEx and DHL phishing emails target Microsoft users

24 Feb 2021

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

26 Feb 2021
How to connect one, two or more monitors to your laptop
Laptops

How to connect one, two or more monitors to your laptop

25 Feb 2021
Ransomware operators are exploiting VMware ESXi flaws
ransomware

Ransomware operators are exploiting VMware ESXi flaws

1 Mar 2021