Enterprise Governance Risk and Compliance Management
Posted by fallenx888x on Monday, November 26, 2012
Bring-your-own-device (BYOD)
programs have become increasingly popular with employees, many
preferring the freedom to utilize the personal mobile device of their
choice and do business whenever and wherever they choose. However,
according to a recent survey conducted by Coalfire, an IT governance,
risk and compliance services company, the movement toward BYOD
introduces a growing number of new mobile security risks and companies
are not taking necessary measures to protect their sensitive company
data. In its study, Coalfire found that BYOD programs lacking adequate
security controls, employer policies and employee education are putting
corporate data at risk.

The study, based on a poll of approximately 400
non-IT department individuals in a variety of industries, found 47
percent of respondents have no passcode on their mobile phone, even
though 84 percent of individuals stated that they use the same
smartphone for personal and work usage. When informed that a strong
password should be comprised of at least 8 characters, including
letters, numbers and symbols, only 50 percent of smartphone user
respondents claimed to have strong passwords.

The survey also focused on
user behavior. Coalfire found six in 10 respondents still write
passwords down on a piece of paper while 36 percent of workers reuse the
same password for different accounts. Thirty-two percent admitted to
having joined unsecured, public Wi-Fi networks. Nearly four in 10
admitted to having clicked on links from emails purporting to be from
financial institutions, a common phishing trap, while half of
respondents said they clicked on links through social media. These
high-risk security practices are especially worrisome when combined with
users' access privileges. Thirty percent of smartphone users
acknowledged that they have access to sensitive information, while
another 16 percent weren't sure if they have such access.

While these
statistics are troubling for organizations, employees are not solely to
blame for potential mobile security risks associated with BYOD. In an IT
security review, Coalfire auditors found that companies often have
policies in place, but employees are not aware of them.
Sixty-two percent of respondents said they had no knowledge of a
company mobile device policy and only 25 percent reported a discussion
from IT about mobile security.

Recommendations to help secure corporate
data on mobile devices include creating a mobile device policy and
communicating it early and often; having employees read and sign off on
the policy; enforcing strong passwords and password rotation; using all
methods available to control access to company data on mobile devices;
regularly testing your defenses to make sure that infected devices and
careless users don't place your organization in jeopardy; and, last but
not least, making certain employees use a responsible and approved mobile
buyback and recycling company when it is time to retire their used
devices, to ensure sensitive data that may be left on the devices does
not end up in the wrong hands.