Mobile

1/15/2014
02:03 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Feds Fail To Secure Mobile Devices

New study finds one-third of government workers use public WiFi and one-fourth don't password-protect the devices.

The federal government may have specific policies for security, but many of its users aren't adopting secure mobile practices and behaviors, according to a new study by the Mobile Work Exchange.

The public-private partnership's study, which was commissioned by Cisco Systems, is based on data gathered from the Mobile Work Exchange's self-assessment tool for organizations to measure the security of their mobile workforce. The report focused on tablets, smartphones, and laptops, and found that 90% of government users who were assessed by the tool use at least one of those devices for work.

More than 40% of government users are putting their agencies and devices at risk, according to the report, which encompassed 155 users and 30 different government agencies, mostly civilian. On the flip side, 86% lock their computers when they leave their desks and 78% store files in a secure place.

More than 30% use public wireless networks, the study found, 52% don't use multifactor authentication or encrypt their data, and 25% don't use passwords for their mobile devices

Read the rest of this story on Dark Reading.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Ninja
1/15/2014 | 3:38:37 PM
Re: Careful with the numbers
Are these figures really any different than those in the private sector?
WKash
50%
50%
WKash,
User Rank: Apprentice
1/15/2014 | 2:33:58 PM
Careful with the numbers
The warning from this report is fair.  Whether the magnitude of the problem is correct is another story.  These public-private research reports need to be viewed carefully as the numbers, and nature of respondents, is hardly statistically representative of government employees.

The fine print reveals: This report "reflects the calculator inputs of 155 individual government responses and 30 agency responses...and 97 individual and 24 organization responses from the private sector.  You can download the full study, by registering, which is the less obvious point of these research projects, at www.mobileworkexchange.com/2014tracker
.

 
Want Your Daughter to Succeed in Cyber? Call Her John
John De Santis, CEO, HyTrust,  5/16/2018
Don't Roll the Dice When Prioritizing Vulnerability Fixes
Ericka Chickowski, Contributing Writer, Dark Reading,  5/15/2018
New Mexico Man Sentenced on DDoS, Gun Charges
Dark Reading Staff 5/18/2018
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "Security through obscurity"
Current Issue
Flash Poll
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
[Strategic Security Report] How Enterprises Are Attacking the IT Security Problem
Enterprises are spending more of their IT budgets on cybersecurity technology. How do your organization's security plans and strategies compare to what others are doing? Here's an in-depth look.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2017-2607
PUBLISHED: 2018-05-21
jenkins before versions 2.44, 2.32.2 is vulnerable to a persisted cross-site scripting vulnerability in console notes (SECURITY-382). Jenkins allows plugins to annotate build logs, adding new content or changing the presentation of existing content while the build is running. Malicious Jenkins users...
CVE-2018-1108
PUBLISHED: 2018-05-21
kernel drivers before version 4.17-rc1 are vulnerable to a weakness in the Linux kernel's implementation of random seed data. Programs, early in the boot sequence, could use the data allocated for the seed before it was sufficiently generated.
CVE-2018-11330
PUBLISHED: 2018-05-21
An issue was discovered in Pluck before 4.7.6. There is authenticated stored XSS because the character set for filenames is not properly restricted.
CVE-2018-11331
PUBLISHED: 2018-05-21
An issue was discovered in Pluck before 4.7.6. Remote PHP code execution is possible because the set of disallowed filetypes for uploads in missing some applicable ones such as .phtml and .htaccess.
CVE-2018-7687
PUBLISHED: 2018-05-21
The Micro Focus Client for OES before version 2 SP4 IR8a has a vulnerability that could allow a local attacker to elevate privileges via a buffer overflow in ncfsd.sys.