Mobile phone use may pose significant security risks for companies

Oct 29, 2013

(Phys.org) —New research suggests that companies are leaving themselves open to potentially serious security and legal risks by employees' improper use of corporate mobile devices.

Experts from the University of Glasgow looked at a sample of mobile phones returned by the employees from one Fortune 500 company and found that they were able to retrieve large amounts of sensitive corporate and . The loss of data such as this has potential , inviting breaches on both an individual and corporate level.

The data yielded by this study on 32 handsets included a number of items that could potentially cause significant security risks and, lead to the leakage of valuable intellectual property or exposed the company to legal conflicts.

The study is an important step in proving that the increasing use of in the corporate environments may be jeopardising security and compromising country specific data protection legislation.

Researchers believe that current policy and process that govern data security are not keeping pace with the growth of smartphone use with the corporate sector, a figure that was estimated to have increased by 22% in 2011 alone.

The study also highlighted that a substantial amount of personal information was retrievable from corporate handsets, which may also put personal as well as corporate security at risk by encouraging social engineering attacks targeting individuals within a specific country.  

Dr Brad Glisson, Director of the Computer Forensics and E-discovery MSc program at the University of Glasgow, said: "This study indicates that relatively featureless mobile phones are putting organisations at significant potential risk. The amount of corporate information involved is potentially substantial considering that the study targeted low end phones. The type of data stored on corporate mobile devices included corporate and personal information that is potentially putting both the company and the individual at risk."

"The amount of data that we recovered even from this limited study gives us an indication that there is an opportunity to improve policies from social-technical and technological resolution perspectives."

"This exploratory case study clearly demonstrates the need for appropriate policies and guidelines governing use, security and investigation of these devices as part of an overall business model. This becomes even more apparent as businesses gravitate towards the cloud."

Explore further: Making smartphone browsing 20% faster while reducing power consumption by 40%

More information: The study was presented at the 19th Americas Conference on Information Systems and published in the Association for Information Systems journal.

Full text available here: arxiv.org/abs/1309.0521.

Related Stories

Recommended for you

Microsoft beefs up security protection in Windows 10

9 hours ago

What Microsoft users in business care deeply about—-a system architecture that supports efforts to get their work done efficiently; a work-centric menu to quickly access projects rather than weather readings ...

US official: Auto safety agency under review

21 hours ago

Transportation officials are reviewing the "safety culture" of the U.S. agency that oversees auto recalls, a senior Obama administration official said Friday. The National Highway Traffic Safety Administration has been criticized ...

Out-of-patience investors sell off Amazon

22 hours ago

Amazon has long acted like an ideal customer on its own website: a freewheeling big spender with no worries about balancing a checkbook. Investors confident in founder and CEO Jeff Bezos' invest-and-expand ...

Ebola.com domain sold for big payout

22 hours ago

The owners of the website Ebola.com have scored a big payday with the outbreak of the epidemic, selling the domain for more than $200,000 in cash and stock.

Hacker gets prison for cyberattack stealing $9.4M

Oct 24, 2014

An Estonian man who pleaded guilty to orchestrating a 2008 cyberattack on a credit card processing company that enabled hackers to steal $9.4 million has been sentenced to 11 years in prison by a federal judge in Atlanta.

Magic Leap moves beyond older lines of VR

Oct 24, 2014

Two messages from Magic Leap: Most of us know that a world with dragons and unicorns, elves and fairies is just a better world. The other message: Technology can be mindboggingly awesome. When the two ...

User comments : 1

Adjust slider to filter visible comments by rank

Display comments: newest first

Tektrix
not rated yet Oct 29, 2013
The article sounds woefully late to the game. There is already a multi-million dollar mobile device management (MDM) software industry aimed right at enterprises, schools, and governments. There are simple-to-deploy solutions that scale easily to 10's of thousands of devices, which provide data-loss prevention, secure email, VPN (device and app level), the ability to remotely wipe sensitive data, lock and locate devices, and much more. Of course (and as the article points out), making good use of this tech also requires a corporate management structure that can design and implement a good system of internal security standards, device and app policies that meet those standards, and performance audits and measurements that can monitor policy effectiveness. There are plenty of training resources, too- this is really hot stuff in the data security industry and vendors are eager to sell their wares.