back to article Most smartphone users breach employers’ security, says survey

More than half of mobile device users access their employer's networks every day without permission, a survey has found. More than 80 per cent of users of mobile devices, whose security is not controlled by a company, say they have accessed work information. Network systems company Juniper Networks surveyed 6,000 mobile device …

COMMENTS

This topic is closed for new posts.
  1. Tom Chiverton 1
    FAIL

    This is ridiculous !

    My house wont give out an IP address unless I've typed in the MAC of the hardware I just bought.

    Why is this hard for business ?

    1. Simple Si
      Alert

      why?

      ...because a network MAC address filtering system is not secure -yes, it can help but at the end of the day is not secure as MAC addresses can be spoofed.

      Also access to company networks on personal mobile devices can be carried out from outside of the company network - e.g web email such as outlook web access and usually there is only comapny policy rather than a secure system in place telling users that they can't use personal devices on company systems.

      1. Skizz

        why not!

        Because most employees wouldn't know how to spoof a MAC address.

      2. frank ly

        @ Simple Si

        This article is about ordinary employees accessing the company network in an uncontrolled manner using Wi-Fi devices. Simple MAC address filtering with a formal procedure for registration and de-registration of devices is all you need to start having at least the beginnings of security.

    2. BryanM
      FAIL

      because...

      we'd need a large team of people to manage the 30,000 devices which need to be supported?

  2. Anonymous Coward
    Linux

    No surprise

    If employers weren't so anal about locking their networks down there would be no need to get round the corporate firewalls by using a phone ... or a portable memory stick

    1. George 24

      no surprise

      If employees were not constantly trying to abuse their employers networks, security would not have to be so tight.....

      1. frank ly

        Tongue in cheek

        I'm sure Harry's comment was meant as a joke. It was, wasn't it Harry?

        1. MrCheese
          Grenade

          If it's not a joke...

          I'll bet good money he's a salesman or senior exec, they're ususally the one's who think they're above the law

          1. Alex Johnson 1

            @MrCheese

            You mean the people generating the revenue? Idiot.

        2. Anonymous Coward
          Anonymous Coward

          uuuuh ... yeah ... of course ...

          .... I'll say anything to keep IT happy right now, currently waiting on a 3-day long call I could have solved in an hour myself if I had the rights on my computer but we're stuck with a glorified Speak n Spell with a remote helpline instead of an IT guy so I'd better not wind IT up too much or it'll be a week before the computer's back up and running!

          Let's face it, people will always find a way of using the internet at work. Lock down one route and they'll find another. Lock them all down and watch morale and productivity go down the pan.

      2. Charles Manning

        The game is called "cover your arse/ass"

        The company needs to be able to show that they have done what they could should sensitive info leak out.

        Sensitive data will always leak since people will take work home. While these days it might be on mobile kit or USB sticks, in the old days it was briefcases full of paper files.

      3. Alex Johnson 1
        WTF?

        @George 24

        ...If employees could see that IT behaved as they ask others to, it might help us take your concerns a little more seriously. Funnily enough, IT's computers all have admin rights. I'm not talking about developers. I'm talking about the people who check the printer toner. And, I think you can assume that if I'm posting on the Reg, I may not have your level of expertise, but I probably do. IT uses Chrome. I have to beg for IE8, with IE6 as standard until very recently. Locking people down is 5% real security, 5% perfectly justifiable operational consistency, and 90% laziness. I know, and you know it.

        1. Anonymous Coward
          Anonymous Coward

          @Alex

          You forgot "We'll have to charge for that - whats your budget code".

    2. MrCheese
      FAIL

      Oh I'm sorry...

      The corporate network and it's connected devices are merely productivity tools, the ONLY reason you get to use them is to make you more productive, they'erenot your toys and the company has every right to decide hat you can and cannot do, if a restriction is in place that prevents you from doing your job then there's a change control system for that but you sound like some freetard who thinks he's above the rules and gets to the corporate network as if it's his own toy

    3. Alex Walsh

      employers eh

      My other half works in a place that has digital cameras for image database purposes. They're now officially not allowed to plug the cameras into the work computers due to new IT policies to protect data.

      I suggested she use the power of thought to mentally transfer the data over from the CF card straight to her computers hard drive* but the only result was a slightly constipated expression.

      *akin to making beeping noises into your cassette decks microphone with it hooked up to your speccy in the hope you might just beep out the right noises to trick the computer into thinking you were loading The Sentinel.

  3. Chris 211

    Usefull tools!

    Does this include managing time and customer address's on personal mobile devices being field based?

    How the hell do you expect a field engineer/sales/whatever person to manage his/her time when away from the office? The truth is IT dont know what they are doing and simply put up barriers when it comes to anything out of the norm. Norm for who I wonder? By, bypassing the corporate data protection measures which are usually draconian, don't work (as observed) and generally some inexperienced and none-certified or in-experienced directors wet dream, field based people make themselves more productive despite these silly rules.

    MAC based filtering? What planet is the person who thought that was secure.

    Corporate access control requires mutual authentication and encryption. MAC filtering does none of these. Please leave security to the experts, then maybe something useful yet secure can be achieved.

    This survey simply points out the failings of the company to issue the tools to do a job while using polices instead of real security.

  4. Anonymous Coward
    Anonymous Coward

    OWA

    If you have OWA it's going to be accessed from a wide range of devices, it would be difficult to claim that someone using a smartphone is 'illegally' accessing company data, if you want to restrict thier access to a limited range of devices then don't use OWA.

    What is the definition of accessing the companies network that they are using anyway? We don't have site wireless and I haven't seen a smartphone with a network port and as for tablets the lack of connections on the IPad is well documented.

    If you do have site wireless then what security do you have if anyone and anything can connect?

  5. Anonymous Coward
    FAIL

    What about RADIUS and certificates and stuff like that?

    Are these work networks set up just like a stock home one?

  6. Daniel B.
    Boffin

    Um, which circumvention?

    If the company's network is locked down, what use is it to get your smartphone on the corporate network? No internet access with your PC, the same will apply to your gadget. The smartphone will do a better job of doing internetty stuff all by itself... in fact, I originally bought my first BlackBerry back in 2008 because of my then employer blocking all internet access. Technically, you aren't putting your company at risk for using your BB to surf/chat/whatever.

    However, if you actually use the smartphone to poke a hole to the public Internet, there I can see a big problem.

  7. Manu T
    Grenade

    lies lies lies damn lies

    That article is bollocks. Most "ordinary" employees aren't tech-savvy enough to "bypass their employers network".

    Most users on a global scale don't even own a smart-phone (or tablet). And even if they surf the web. It's usually via their own data-call plan. So basicly they have the same access as anyone else on the web (we're talking about web since most cell-phones/ipads dont have advanced networking tools beyond an email client and simple web-access).

    If they do manage to get WLAN connected I still fail to see the "insecurity" here as this is the same WLAN that's been set-up by the sys-admins o/t employer. Why should that be any less safe when accessed via a wifi-enabled cellphone then when accessed with a wifi-enabled laptop?

    Let's also not forget that these phones have crippled browsers and can't do much except simple HTTP and POP/IMAP/SMTP. I wonder how incomplete their javascript engine even is and using Java... well, yeah, we all know how that story goes (especially on an iPhone). Sure some have an IM client but these aren't the advanced stuff that you'll find on a desktop/laptop PC/Mac. so I really doubt all this.

    Someone is trying to be interesting here, another one of these "renowned security firms" that suddenly appeared out of nowhere and want to make waves by spreading this FUD.

This topic is closed for new posts.

Other stories you might like