GFI Software announced the findings of an extensive independent research project looking at end user use of mobile devices at work and in their daily commute to and from the workplace, which revealed that commuters are using free, unsecured and unknown Wi-Fi services for accessing sensitive company data in greater numbers.
The survey of 1,001 UK office workers with a tablet or smartphone who travel to and from work on a train, bus or tube was carried out by Opinion Matters, and revealed not only that mobile devices and using data services are firmly entrenched as the primary activity of the average commuter, but also that commuters and their employers are falling foul of data security issues, as well as heightened risk of physical crime.
100% of the survey respondents acknowledged that they used open, public Wi-Fi connections at least once a week to carry out work-related tasks such as sending and receiving email, reviewing and editing documents and logging into other company servers and storage repositories.
On average, users connected to public Wi-Fi to do work and access work systems 15 times a week, putting company data and passwords at risk from packet sniffing and other forms of traffic interception.
via Travelers regularly connect to free, unsecure Wi-Fi networks.
Mobile users, especially those that travel regularly, are prime targets in any enterprise. Security education needs to start with these users but often aren’t. Heavy travelers tend toward high-ranking managers or corporate officers. They tend towards:
- Security breeches are something that happens to other people
- I’m too important
- Nothing bad ever happens to me
The coddling nature of many corporate IT departments to the higher-ups ultimately lead to major security breaches. The “velvet glove” approach to executives encourages the sense of invincibility that leads to a major security breach.
IT departments would do better by treating all users as adults and professionals able to handle direction and constructive criticism.
By extension, a manager or corporate officer – made aware of the real threat – will be more likely to fire up the VPN than surf the unprotected wifi.
Your mileage may vary.
What is your take?