Mobile
1/15/2014
02:03 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Feds Fail To Secure Mobile Devices

New study finds one-third of government workers use public WiFi and one-fourth don't password-protect the devices.

The federal government may have specific policies for security, but many of its users aren't adopting secure mobile practices and behaviors, according to a new study by the Mobile Work Exchange.

The public-private partnership's study, which was commissioned by Cisco Systems, is based on data gathered from the Mobile Work Exchange's self-assessment tool for organizations to measure the security of their mobile workforce. The report focused on tablets, smartphones, and laptops, and found that 90% of government users who were assessed by the tool use at least one of those devices for work.

More than 40% of government users are putting their agencies and devices at risk, according to the report, which encompassed 155 users and 30 different government agencies, mostly civilian. On the flip side, 86% lock their computers when they leave their desks and 78% store files in a secure place.

More than 30% use public wireless networks, the study found, 52% don't use multifactor authentication or encrypt their data, and 25% don't use passwords for their mobile devices

Read the rest of this story on Dark Reading.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Ninja
1/15/2014 | 3:38:37 PM
Re: Careful with the numbers
Are these figures really any different than those in the private sector?
WKash
50%
50%
WKash,
User Rank: Apprentice
1/15/2014 | 2:33:58 PM
Careful with the numbers
The warning from this report is fair.  Whether the magnitude of the problem is correct is another story.  These public-private research reports need to be viewed carefully as the numbers, and nature of respondents, is hardly statistically representative of government employees.

The fine print reveals: This report "reflects the calculator inputs of 155 individual government responses and 30 agency responses...and 97 individual and 24 organization responses from the private sector.  You can download the full study, by registering, which is the less obvious point of these research projects, at www.mobileworkexchange.com/2014tracker
.

 
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If you’re still focused on securing endpoints, you’ve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-4293
Published: 2015-07-30
The packet-reassembly implementation in Cisco IOS XE 3.13S and earlier allows remote attackers to cause a denial of service (CPU consumption or packet loss) via fragmented (1) IPv4 or (2) IPv6 packets that trigger ATTN-3-SYNC_TIMEOUT errors after reassembly failures, aka Bug ID CSCuo37957.

CVE-2014-7912
Published: 2015-07-29
The get_option function in dhcp.c in dhcpcd before 6.2.0, as used in dhcpcd 5.x in Android before 5.1 and other products, does not validate the relationship between length fields and the amount of data, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory c...

CVE-2014-7913
Published: 2015-07-29
The print_option function in dhcp-common.c in dhcpcd through 6.9.1, as used in dhcp.c in dhcpcd 5.x in Android before 5.1 and other products, misinterprets the return value of the snprintf function, which allows remote DHCP servers to execute arbitrary code or cause a denial of service (memory corru...

CVE-2015-2977
Published: 2015-07-29
Webservice-DIC yoyaku_v41 allows remote attackers to create arbitrary files, and consequently execute arbitrary code, via unspecified vectors.

CVE-2015-2978
Published: 2015-07-29
Webservice-DIC yoyaku_v41 allows remote attackers to bypass authentication and complete a conference-room reservation via unspecified vectors, as demonstrated by an "unintentional reservation."

Dark Reading Radio
Archived Dark Reading Radio
What’s the future of the venerable firewall? We’ve invited two security industry leaders to make their case: Join us and bring your questions and opinions!