Mobility is central to today’s business environment, enabling workers to bring their own devices and connect from remote locations to the company network. However, this practice opens the door to hackers, and CIOs in the United States and Europe are well aware of this.
Compiling responses of 500 CIOs and IT decision makers at organizations from the U.S., the U.K., Germany and France, the annual iPass Mobile Security Report offers a bird’s eye view of how businesses are handling the tradeoffs between mobility and security.
“Many organizations have now implemented Bring Your Own Device (BYOD) policies to empower their mobile workers. However, for all the positives this can bring, 94% of enterprises said BYOD has increased mobile security risks,” reads the report.
92% of organizations are concerned their growing mobile workforce poses an increasing number of challenges to mobile security, as workers persist in connecting to Wi-Fi hotspots in coffee shops, airports, hotels, exhibition centers and on flights.
“Given the amount of high-profile security breaches in recent years, it’s not surprising this issue is on the radar of CIOs,” said Raghu Konka, vice president of engineering at iPass. “The conundrum remains: how can they keep their mobile workers secure while providing them with the flexibility to get connected anywhere using their device of choice?”
Some 27% of organizations are taking a radical (and at the same time primitive) approach to addressing the issue: banning employee usage of free Wi-Fi hotspots. 40% say they ban their use only sometimes, and 16% say they plan on doing so in the future.
A universally accepted way to mitigate risks is to employ a virtual private network (VPN) solution, enabling workers to connect securely to the Internet from anywhere. A similar study in 2016 revealed that 26% of organizations were fully confident their mobile workers were using a VPN every time they went online outside their corporate environment, a figure that has jumped to 46% in 2018.
However, the good news stops here, as 54% of respondents aren’t fully confident their staff uses a VPN every time they connect to the web from their company-issued device. Other findings include:
- CIOs from companies surveyed in Germany (71%) believe their mobile workers have been hacked or caused a security issue.
- 81% of U.K. enterprises have seen Wi-Fi related security incidents occur in locations such as a coffee shop
- 68% enterprises from the U.S. have seen an incident after their workers connected to an airport Wi-Fi hotspot
- Almost half (42%) of U.K. enterprises don’t plan to ban the use of free Wi-Fi hotspots, significantly higher than in the U.S. (9%), Germany (10%), and France (12%)
- U.K. organizations (38%) are least confident that their mobile workers use a VPN every time they go online, versus Germany (53%), U.S. (49%) and France (41%).
CIOs have every reason to suspect their workforce was or is going to be hacked at some point because of negligence.
A survey of 612 CIOs and CISOs by Ponemon Institute places the “human factor” as the top threat faced by corporate environments, with 70% of respondents citing "lack of competent in-house staff," followed by 65% citing inadequate in-house expertise and careless employee falling for a phishing scam.
However, another detriment to corporate security programs and policies for years has been tight security budgets – something that many CIOs have turned into a board-room topic, with high hopes of producing a change as new laws are being implemented that threaten to seriously affect a company’s bottom line if found non-compliant.