Security threats on handheld and mobile computing devices have significantly increased during the past year, according to new research by the Computing Technology Industry Association (CompTIA).
“The fact that so many more people are doing this computing remotely has raised the stakes for a lot of organizations and presented more opportunities for security breaches to occur,” said Steven Ostrowski, director of corporate communications for CompTIA.
In the survey, titled “Trends in Information Security: A CompTIA Analysis of IT Security and the Workforce,” nearly three out of four respondents said their companies allow employees to access data networks remotely, but less than half have implemented any type of security awareness training. Just 19 percent have plans to do so in the coming year.
“Even the simplest things [such as] losing a handheld device, leaving it behind in a hotel room or cab, losing or misplacing a password, opening up an e-mail attachment and unleashing a worm or a virus or some other threat — using a mobile device to get on a network for unauthorized purposes — those are some simple things. But there are some nefarious things that can happen,” Ostrowski said.
A little basic training in this department can go a long way, however. Ninety-two percent of the organizations that have implemented security awareness training said they have experienced fewer major security breaches, according to the survey.
“There’s a significant opportunity for companies to train [employees] on how to dial in to a network, access an e-mail account, browse the Web, etc., and to do it safely and securely,” Ostrowski said.
That’s not to say all employees should be certified in IT security; rather, they should receive some form of training on safe computing practices, Ostrowski said. An easy way for companies to do this is to include it in new-hire orientation.
“[At the orientation, the company] tells you how to file for insurance benefits, which holidays you have, how to escape the building if there’s a fire drill. But I suspect very few companies spend time saying, ‘This is the right way to do e-mail from home,’” Ostrowski said.
Finally, the cost savings linked to the implementation of security training for employees can be significant. After all, when a security breach knocks out a server or network, employee productivity is sapped. More than half of the savings brought on by introducing security training come from avoiding that problem.
“Again, it’s simple things: Web browsing, e-mail, not taking a Post-It note with your password and sticking it on top of your laptop and walking away,” Ostrowski said. “These seem like common-sense things, but people often do it and the result causes problems.”
- Deanna Hartley, firstname.lastname@example.org