Information Security News mailing list archives
Firms fail to tackle mobile security risk
From: InfoSec News <isn () C4I ORG>
Date: Fri, 20 Oct 2000 18:29:49 -0500
http://www.zdnet.co.uk/news/2000/41/ns-18581.html Fri, 20 Oct 2000 12:03:55 GMT David Neal, IT Week Allow remote access? Let temporary workers onto your systems? You could be leaving yourself open to all sorts of trouble, says survey Businesses should reassess their security strategies taking into account modern practices such as working from home and allowing temporary workers access to company databases, according to new research. The survey, Security Risk Management in the Flexible Workplace, was conducted by BindView, a supplier of risk management solutions. Paul Silver, director of operations for the UK and Scandinavia, said the survey highlighted two problems: firms lack the necessary security procedures to avoid internal and external breaches of security, and leave themselves wide open by using easily hackable system passwords. Only 12 percent of the companies questioned had a policy regarding communications over mobile networks. Twenty-seven percent of respondents said their employees used notebook PCs remotely at client business premises while 37 percent said staff worked from home via remote access to the corporate network. This, said Silver, "opens up communications to hackers who could access cached user names and passwords". Other security threats come from employees using notebooks on public transport - found to be common among half of the companies polled. In addition, 53 percent of managers questioned said their IT department often had no idea where company laptops were. And when those laptops are in workers' homes, most are lent to friends or flatmates. Silver advised that companies should plan an effective strategy and put security products and procedures in place, but most importantly he warned, "They need to pass their message on to their workers." BindView polled 1000 UK companies across all business areas. What To Do Checklist: * Choose passwords that are not easily identified or guessed at * Do not give temporary workers access to sensitive company or customer information * Create a company policy that governs the use of equipment both inside and out of the office. ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Firms fail to tackle mobile security risk InfoSec News (Oct 20)