Skip to navigation

0330 660 0277 | | Contact

Secure, optimised mobile solutions for the liberated future

0330 660 0277


BYOD and social media rising security threats: PwC.

19 April 2012 | Application Security ,Security ,Growing Mobile Workforce ,Protecting IP

The research out of the 2012 Information Security Breaches Survey (ISBS), written by PwC in conjunction with Infosecurity Europe and supported by the Department for Business, Innovation and Skills, also reveals:

  •  82% of large organisations reported security breaches caused by staff, including 47% who lost or leaked confidential information
  • Only 39% of large organisations encrypt data downloaded to smart phones and tablets
  • 54% of small businesses (38% of large organisations) don’t have a security awareness programme
  • 52% of small businesses say social networking sites are important to their business, only 8% monitor what their staff post on those sites.
  • BYOD does seem to be bcoming more and more of a factor. PwC says 75% of large organisations - and 61% of small businesses - allow staff to use smartphones and tablets to connect to their corporate systems, but only 39% (24% of small businesses) apply data encryption on the devices.

Personalisation is creating new security threats, from both malicious software and data loss, the report will show when published in full next week, with its authors warning organisations that allow personally owned devices tend to have weaker controls than those that allow corporate devices only.

“With the explosion of new mobile devices and the blurring of lines between work and personal life, organisations are opening their systems up to massive risk,” thinks PwC information security partner Chris Potter.

“Smartphones and tablet computers are often lost or stolen, with any data on them exposed. Mobile devices can literally drill straight through your security defences, if you’re not careful.

“However, organisations aren’t responding to these new challenges. Just as we saw a decade ago with computer viruses, companies are slow to adjust their controls as technology usage changes... It’s vital to tell your staff about the risks; if you don’t, your own people could inadvertently become your worst security enemy.”

Lack of staff buy-in still an issue
Despite many years of worrying about security, it still seems only 26% of respondents with a security policy believe their staff have a very good understanding of it, while 21% think the level of staff understanding is poor.

Even worse - 75% of organisations whose security policy is poorly understood had staff-related security breaches in the last year. One in seven organisations that give a high or very high priority to security haven’t written down their policy; most of these are small businesses that rely on word of mouth instead, but only a third think their staff fully understands it.

But companies that have invested in staff awareness training meanwhile are reaping the benefits – they are four times as likely to have staff who clearly understand the security policy and half as likely to have staff-related security breaches as organisations that don’t train their staff, PwC claims.

Unregulated Twitter issue?
As for social media, half of the organisations surveyed say they think social networking sites are important to their business, up from only a third two years ago, yet, controls aren’t keeping pace. The study says only 8% of small businesses and 13% of large ones monitor what staff post onto social networking sites.

“Given how important social networks have become over the last few years, it’s surprising how little the control techniques used have changed,” adds Potter.

“Companies are now much more dependent on the relatively anarchic information flows within social networks. Above all, dependence on the Internet is at an all-time high, which organisations often find out the hard way. “Many are opening up their systems - but doing little to mitigate the risks."

Appurity are helping businesses, large and small, with their mobility strategy which includes security. We look at the applications that are needed to be delivered to the users and how these are to be both optimised and secured. The technologies integrated compliment one another, ensuring a more comprehensive solution.