Report: Mobile Users Often Lax About Security

A new report by InsightExpress finds that many wireless workers are not cognizant of security and best practices.

When it comes to securing a wireless workforce, enterprises may have their hands full, according to a study performed by the research firm InsightExpress, based in Stamford, Conn.

Their research found that 73 percent of mobile users admitted they are not always cognizant of security threats and best practices. More than 25 percent also conceded they either hardly ever or never consider security risks and proper behavior, offering reasons such as "Im busy and need to get work done" and "Its ITs job, not mine" as justifications.

The online survey, which was commissioned by Cisco Systems and the National Cyber Security Alliance, included responses from 700 mobile workers in seven countries, including China, Germany, India and the United States.

In the United States, 36 percent of those surveyed said they were unconcerned or hardly concerned with threats when using wireless devices. Employees in the U.S. were the third most likely to have received IT training on security risks and controls, with 46 percent reporting they had. China was first with 58 percent, while India was second with 55.

Forty-four percent of all mobile users surveyed admitted to opening emails and or attachments from unknown or suspect sources. In China, India, and the United Kingdom, more than half of mobile end users admitted to this behavior, and in the United States, 39 percent admitted doing so.


Read more here about why protecting smart phones and PDAs will be the next wave in security.

"I think that security awareness and user responsibility will increase particularly as we see and hear more about threats," said Fred Kost, director of security solutions for Cisco. "People get educated when theres an incident. But they dont have to learn the hard way. As more proactive training and education programs are put in place, we definitely feel that awareness will increase, influencing better behavior."

Craig Mathias, a principal at the Farpoint Group in Ashland, Mass., said businesses need to take something of a carrot and a stick approach to security.

"I think its a matter of education, to be sure, but also providing negative reinforcement when an employee obviously skirts enterprise policies and procedures," he said. "We also need to make security easier. Thats why I like two-factor authentication—easy, reliable, and difficult to work around. Its also critical to have a written security policy, which is not universal at this point."

On the plus side for users in the United States, the threat of spam and malware on wireless devices such as smart phones and PDAs remains relatively small.

"Its not a huge problem yet, given the lack of standardization of operating environments and few technically-astute slimeballs wanting to explore their weaknesses," Mathias said. "Malware on mobile devices could become a bigger problem if we have an expansion of the capabilities of mobile operating systems."

Check out eWEEK.coms Security Center for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEKs Security Watch blog.