Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Firms fail to tackle mobile security risk

From: InfoSec News <isn () C4I ORG>
Date: Fri, 20 Oct 2000 18:29:49 -0500
http://www.zdnet.co.uk/news/2000/41/ns-18581.html

Fri, 20 Oct 2000 12:03:55 GMT
David Neal, IT Week

Allow remote access? Let temporary workers onto your systems? You
could be leaving yourself open to all sorts of trouble, says survey

Businesses should reassess their security strategies taking into
account modern practices such as working from home and allowing
temporary workers access to company databases, according to new
research.

The survey, Security Risk Management in the Flexible Workplace, was
conducted by BindView, a supplier of risk management solutions. Paul
Silver, director of operations for the UK and Scandinavia, said the
survey highlighted two problems: firms lack the necessary security
procedures to avoid internal and external breaches of security, and
leave themselves wide open by using easily hackable system passwords.

Only 12 percent of the companies questioned had a policy regarding
communications over mobile networks. Twenty-seven percent of
respondents said their employees used notebook PCs remotely at client
business premises while 37 percent said staff worked from home via
remote access to the corporate network. This, said Silver, "opens up
communications to hackers who could access cached user names and
passwords". Other security threats come from employees using notebooks
on public transport - found to be common among half of the companies
polled.

In addition, 53 percent of managers questioned said their IT
department often had no idea where company laptops were. And when
those laptops are in workers' homes, most are lent to friends or
flatmates.

Silver advised that companies should plan an effective strategy and
put security products and procedures in place, but most importantly he
warned, "They need to pass their message on to their workers."

BindView polled 1000 UK companies across all business areas.

What To Do Checklist:

* Choose passwords that are not easily identified or guessed at

* Do not give temporary workers access to sensitive company or
  customer information

* Create a company policy that governs the use of equipment both
  inside and out of the office.

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".
Previous By Date Next
Previous By Thread Next

Current thread: