Simply Security - News, Views, and Opinions from Trend Micro

Posted on August 29th, 2012 in Consumerization, Spotlight by Simply Security | 1 Comment | Tags: Consumerization, Spotlight

Poor laptop practices are putting enterprises at risk.

The consumerization of IT is changing the business landscape, allowing individuals to utilize consumer-focused solutions and platforms to perform work-related tasks inside and outside the office. When companies deploy these initiatives successfully, they can enhance teleworking capabilities, improve flexibility and increase overall satisfaction in the workplace. If decision-makers fail to educate employees on the importance of keeping these devices secure, however, a number of issues can arise.

One of the most disruptive forces associated with consumerization is BYOD (bring your own device). These programs enable employees to leverage personal smartphones, laptops, tablets and other gadgets in the workplace. A new nationwide study by CareerBuilder revealed that laptops, in particular, are becoming an increasingly important work platform in the enterprise. Despite their prevalence, a significant percentage of these devices are vulnerable to data loss as many companies are failing to teach individuals about the importance of
protecting their laptops.

The study found that more than one-quarter of workers use laptops for work, with 61 percent of them claiming they store sensitive information on their devices. Nearly half of survey respondents said this data includes confidential corporate documents, while another 27 percent said they store customer records. Other respondents said they housed personal financial and other private information on their laptops.

This suggests that employees should be implementing data security tools and following best practices to keep laptops safe, yet the study shows this is not happening.

Employees are putting data on laptops at risk

Some of the vulnerabilities in the enterprise are derived from pure laziness on behalf of workers, as the study revealed that 57 percent of respondents don't have a device to secure a laptop when it is left alone. Another 52 percent of employees don't lock their computers when they are away from their desks. This increases the risk of theft and unauthorized access to intellectual property, confidential corporate records and other sensitive files.

CareerBuilder also found that employees are putting their entire company at risk with or without their knowledge, as roughly 9 percent of workers have inadvertently downloaded malware on their laptops. Eighteen percent of individuals have also used their computers to open an email attachment from a sender they didn't know or accessed a website they knew wasn't protected.

"Laptops and mobile devices are quickly becoming the preferred technologies for many businesses," said Eric Presley, CTO at CareerBuilder. "It's important for employers and workers alike to take precautions to reduce vulnerabilities and keep company information secure."

How to reduce laptop vulnerabilities

A separate report by InfoWorld noted that using robust passwords is one of the best ways to enhance data protection on laptops and other mobile devices. Unfortunately, employees often take the easy way out and either implement weak passwords or don't use them at all.

The 2012 Global Security Report by Trustwave revealed that the most commonly utilized password in the global business landscape is "Password1." This is because it meets minimum data security requirements, as it contains a capital letter and a number. However, decision-makers should encourage workers to use stronger passwords that are hard to guess, even by people who know the employee fairly well. InfoWorld said using words that are not in the dictionary is one of the best ways to ensure no unauthorized individuals gain access to restricted files.

CareerBuilder also said employees should use common sense, which means never leaving mobile devices unattended and never opening attachments from unknown users. Regularly updating software and deploying advanced protection solutions can also improve a company's overall data loss prevention capabilities and reduce vulnerabilities that may be introduced with the consumerization of IT.

Data Security News from SimplySecurity.com by Trend Micro