Staff's mobile devices 'a big cyber security threat'

One of the biggest cyber security threats companies face is their own employees. Almost a third of the 500 employees surveyed here as part of a new global study have lost company or personal data through their mobile phones and tablets.

This misuse could come from losing their phones, or sharing the devices with friends or colleagues.

The study by wireless networking company Aruba Networks surveyed 11,500 people across 23 countries.

"People don't think much about sharing their personal devices, but it can be a real security threat," said Mr Trent Fierro, the United States-based firm's head of security, product and solutions marketing.

This threat emerged about six years ago, when people began using personal devices for work. Security experts call this trend "BYOD", or bring your own device, where companies let employees use their own devices to access corporate data.

The study found that more than half here use their personal laptops for work. The number jumps to 81 per cent when it comes to smartphones.

But these devices are also used to access unsecured Wi-Fi networks, and install unsecured applications, said Mr Fierro. These can become "security loopholes", that hackers could use to gain access to data.

"Many people still don't have PIN codes (to secure their smartphones)," he said, highlighting the indifference to mobile security.

Men also appear to be a bigger security risk - with 26 per cent of them admitting to have lost data, compared with 15 per cent of women.

Those between the ages of 25 and 34 pose the greatest risk.

Mr Fierro said this might be because younger users are potentially less responsible, while men might be apt to "be out more often" and risk losing their devices.

The study surveyed professionals in a range of industries - including education, healthcare, finance and technology.

It found teachers here were 26 per cent more likely than their counterparts from technology companies to write their passwords on a piece of paper, which can be easily lost.

"People think that hackers won't want to hack into Singapore companies, but that's not true," said Mr James Chia, Aruba Networks' South-east Asia managing director.

Other cyber security experts said the lack of awareness often meant that when company data was compromised, employees may not even have realised it.

"These employees use apps like WhatsApp to communicate with each other. They are empowering themselves, but are not aware they could be putting company data at risk," said Mr Chong Chee Wah, founder of mobile security firm TreeBox Solutions.

He said companies should come up with policies or tools that would allow their employees to work in a secure manner.

This could take the form of using apps that encrypt instant messages, he said.

Finance executive Lim Wei Li, 29, said he would not mind using such tools, but he added: "The most important thing is that they have to be convenient to use."

dansonc@sph.com.sg

Get a copy of The Straits Times or go to straitstimes.com for more stories.