Mobile
1/15/2014
02:03 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Feds Fail To Secure Mobile Devices

New study finds one-third of government workers use public WiFi and one-fourth don't password-protect the devices.

The federal government may have specific policies for security, but many of its users aren't adopting secure mobile practices and behaviors, according to a new study by the Mobile Work Exchange.

The public-private partnership's study, which was commissioned by Cisco Systems, is based on data gathered from the Mobile Work Exchange's self-assessment tool for organizations to measure the security of their mobile workforce. The report focused on tablets, smartphones, and laptops, and found that 90% of government users who were assessed by the tool use at least one of those devices for work.

More than 40% of government users are putting their agencies and devices at risk, according to the report, which encompassed 155 users and 30 different government agencies, mostly civilian. On the flip side, 86% lock their computers when they leave their desks and 78% store files in a secure place.

More than 30% use public wireless networks, the study found, 52% don't use multifactor authentication or encrypt their data, and 25% don't use passwords for their mobile devices

Read the rest of this story on Dark Reading.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Moderator
1/15/2014 | 3:38:37 PM
Re: Careful with the numbers
Are these figures really any different than those in the private sector?
WKash
50%
50%
WKash,
User Rank: Apprentice
1/15/2014 | 2:33:58 PM
Careful with the numbers
The warning from this report is fair.  Whether the magnitude of the problem is correct is another story.  These public-private research reports need to be viewed carefully as the numbers, and nature of respondents, is hardly statistically representative of government employees.

The fine print reveals: This report "reflects the calculator inputs of 155 individual government responses and 30 agency responses...and 97 individual and 24 organization responses from the private sector.  You can download the full study, by registering, which is the less obvious point of these research projects, at www.mobileworkexchange.com/2014tracker
.

 
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If youíre still focused on securing endpoints, youíve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0993
Published: 2014-09-15
Buffer overflow in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder XE6 20.0.15596.9843 allows remote attackers to execute arbitrary code via a crafted BMP file.

CVE-2014-2375
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature.

CVE-2014-2376
Published: 2014-09-15
SQL injection vulnerability in Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVE-2014-2377
Published: 2014-09-15
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to discover full pathnames via an application tag.

CVE-2014-3077
Published: 2014-09-15
IBM SONAS and System Storage Storwize V7000 Unified (aka V7000U) 1.3.x and 1.4.x before 1.4.3.4 store the chkauth password in the audit log, which allows local users to obtain sensitive information by reading this log file.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
CISO Insider: An Interview with James Christiansen, Vice President, Information Risk Management, Office of the CISO, Accuvant