Mobile
1/15/2014
02:03 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
50%
50%

Feds Fail To Secure Mobile Devices

New study finds one-third of government workers use public WiFi and one-fourth don't password-protect the devices.

The federal government may have specific policies for security, but many of its users aren't adopting secure mobile practices and behaviors, according to a new study by the Mobile Work Exchange.

The public-private partnership's study, which was commissioned by Cisco Systems, is based on data gathered from the Mobile Work Exchange's self-assessment tool for organizations to measure the security of their mobile workforce. The report focused on tablets, smartphones, and laptops, and found that 90% of government users who were assessed by the tool use at least one of those devices for work.

More than 40% of government users are putting their agencies and devices at risk, according to the report, which encompassed 155 users and 30 different government agencies, mostly civilian. On the flip side, 86% lock their computers when they leave their desks and 78% store files in a secure place.

More than 30% use public wireless networks, the study found, 52% don't use multifactor authentication or encrypt their data, and 25% don't use passwords for their mobile devices

Read the rest of this story on Dark Reading.

Comment  | 
Print  | 
More Insights
Comments
Threaded  |  Newest First  |  Oldest First
WKash
50%
50%
WKash,
User Rank: Apprentice
1/15/2014 | 2:33:58 PM
Careful with the numbers
The warning from this report is fair.  Whether the magnitude of the problem is correct is another story.  These public-private research reports need to be viewed carefully as the numbers, and nature of respondents, is hardly statistically representative of government employees.

The fine print reveals: This report "reflects the calculator inputs of 155 individual government responses and 30 agency responses...and 97 individual and 24 organization responses from the private sector.  You can download the full study, by registering, which is the less obvious point of these research projects, at www.mobileworkexchange.com/2014tracker
.

 
Thomas Claburn
50%
50%
Thomas Claburn,
User Rank: Moderator
1/15/2014 | 3:38:37 PM
Re: Careful with the numbers
Are these figures really any different than those in the private sector?
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Containing Corporate Data on Mobile Devices
Containing Corporate Data on Mobile Devices
If you’re still focused on securing endpoints, you’ve got your work cut out for you. WiFi network provider iPass surveyed 1,600 mobile workers and found that the average US employee carries three devices -- a smartphone, a computer, and a tablet or e-reader -- with more than 80% of them doing work on personal devices.
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0485
Published: 2014-09-02
S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/.

CVE-2014-3861
Published: 2014-09-02
Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted reference element within a nonXMLBody element.

CVE-2014-3862
Published: 2014-09-02
CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a Referer log.

CVE-2014-5076
Published: 2014-09-02
The La Banque Postale application before 3.2.6 for Android does not prevent the launching of an activity by a component of another application, which allows attackers to obtain sensitive cached banking information via crafted intents, as demonstrated by the drozer framework.

CVE-2014-5136
Published: 2014-09-02
Cross-site scripting (XSS) vulnerability in Innovative Interfaces Sierra Library Services Platform 1.2_3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.