57% of CIOs say mobile workers hacked in last year

57% of CIOs believe mobile workers have had a security incident in last 12 months

More than half of CIOs (57 percent) believe that their mobile workers have either been hacked or have “caused a security incident” in the last 12 months, according to a new report from mobile connectivity company iPass.

The iPass Mobile Security Report 2018, researched by Vanson Bourne, surveyed CIOs and IT decision makers in 500 organisations from the US, the UK, Germany, and France.

It found that the majority of CIOs (81 percent) said their organisations had experienced Wi-Fi related security incidents in the last 12 months, with cafes and coffee shops (62 percent), airports (60 percent), and hotels (52 percent) being the most common locations for problems.

Putting the why in Wi-Fi

Risks include the use of insecure hotel or cafe networks, hacking attempts, shared data or systems access, divulging login credentials, or the receipt of malware. In some hotels, for example, Wi-Fi users may be able to see other devices on the network and, if those devices have sharing enabled, be able to access private files.

The problem appears to be most acute in the UK, where 81 percent of respondents said workers had experienced security problems using the free Wi-Fi in cafes, in particular. Many cafes require users to register devices or credentials, and access is offered in return for marketing data.

The survey’s respondents also reported security incidents in other public spaces, such as train stations (30 percent), exhibition centres (26 percent), and on planes in flight (26 percent).

“Mobile professionals are taking matters into their own hands, frequently taking security risks in their pursuit of staying connected,” says the report.

Mobile working is becoming the norm for many enterprises, with industry analysts Strategy Analytics predicting that there will be 1.75 billion mobile workers by 2020 – one quarter of the entire global population.

At the same time, mobile security threats are on the rise too: according to the McAfee Mobile Threat Report Q1 2018, 16 million users were hit with mobile malware in the third quarter of 2017 alone.

BYOD: Bring Your Own Danger?

Despite bring your own device (BYOD) schemes now being a mainstream IT policy, an overwhelming 94 percent of IT decision makers said BYOD had increased mobile security risks, while 92 percent said they were concerned that their growing mobile workforce presented significant security challenges.

“Despite the large number of people working remotely, Gartner says fewer than a quarter (23 percent) have been supplied with a mobile device by their employer,” says the report. “This leaves enterprises open to security risks, as they do not have control over the security settings or capabilities of devices that are being used.

“Enterprises are in a Catch-22 situation when it comes to BYOD. Many enterprises realise it can improve not only employee productivity, but also wider job satisfaction. However, there is a trade-off with potential security risks.”

The mobile conundrum

“Given the amount of high-profile security breaches in recent years, it’s not surprising that this issue is on the radar of CIOs,” said Raghu Konka, VP of engineering at iPass.

“The conundrum remains: how can they keep their mobile workers secure while providing them with the flexibility to get connected anywhere using their device of choice?”

One solution is to ban employee use of free hotspots entirely; more than one-quarter (27 percent) of organisations are taking this hardline approach, while 40 percent ban their use sometimes. A further 16 percent plan to introduce a ban on public Wi-Fi in the future.

This suggests that some aspects of the mobile working culture may be on the wane.

However, with many employees working remotely or flexibly via their own devices at least some of the time, such bans may be impossible to enforce or police. This is particularly the case if organisations still expect to see productivity gains from flexible working, and still demand access to their employees while they are travelling or out of the office.

“As most electronic devices only have a Wi-Fi connection, banning mobile workers from accessing free Wi-Fi connections at coffee shops, hotels, and airports is akin to cutting off your nose to spite your face,” says the report.

Virtual privacy

A better approach is to use virtual private networks (VPNs). In 2016, iPass found that 26 percent of companies were confident that mobile workers were using a VPN every time they went online, and this has jumped to 46 percent in 2018. However, that still means more than half of organisations (54 percent) aren’t confident about mobile VPN usage.

“While putting a blanket ban on accessing public Wi-Fi hotspots could initially appear to stop the security problem at source, the fact of the matter is that mobile workers will stop at nothing to get themselves online. There’s no point in putting roadblocks in their way without also providing a solution,” said Konka.

“With a secure connection through a VPN, enterprises can have confidence that Wi-Fi hotspot usage will have a positive, rather than negative, impact on their business.

“The key for organisations is to educate mobile workers about today’s security threats, and to provide them with the tools to remain productive and secure,” he added.

But is it that simple?

The report adds, “There are several barriers preventing mobile workers from connecting to VPNs, including the fact that mobile workers might not want personal data to run over the corporate network, and connecting to VPNs can take extra time.

“[Therefore] the challenge lies in building employee knowledge of the importance of using VPNs every time they go online, and how to connect to one in a quick manner.”

Internet of Business says

The key with mobile security is not to regard it primarily as a technology problem demanding a technology solution, but to see it first and foremost as a matter of common sense and enforceable policy.

Assume everyone is watching or listening and proceed from that point. After all, hackers – and journalists – are well aware of people’s lack of common sense in public spaces.

Then add technology, and mix to taste.


The post 57% of CIOs say mobile workers hacked in last year appeared first on Internet of Business.

Internet of Business

Baltimore’s 911 dispatch system was hacked last weekend

Baltimore's 911 dispatch system was hacked over the weekend and authorities temporarily shut it down. The mayor's office confirmed to The Baltimore Sun that the system was digitally infiltrated early Saturday morning, but provided no other details wh…
Engadget RSS Feed

This top-rated VPN will keep you from getting hacked — and it’s 92% off [Sponsored Deal]

It’s no secret that with cybercrime on the rise, protecting your online data with a VPN is essential. But the question remains: which VPNs are reliable and which VPNs are scams barely worth a free download?

If you’ve done any basic research, you’ve most likely come across Windscribe VPN, a relatively new provider out of Canada that has made its rounds amongst trusted reviewers and sites like PCWorld (which gave it 4/5 stars).

This top-rated VPN will keep you from getting hacked — and it’s 92% off [Sponsored Deal] was written by the awesome team at Android Police.

Android Police – Android news, reviews, apps, games, phones, tablets

Russia hacked the Olympics and tried to pin it on North Korea

Now that the 2018 Winter Olympics are over, we're now learning who was responsible for hacking the games' systems… and the culprit won't surprise you at all. US intelligence officials speaking anonymously to the Washington Post claimed that spies…
Engadget RSS Feed

The Morning After: Apple’s HomePod gets hacked apart

Morning there! Apple's technically impressive HomePod has literally been hacked into pieces, we get a taste of Qualcomm's potent smartphone chip (coming soon) and strap an editor into an Iron Man toy mask in the interests of Journalism with a capital…
Engadget RSS Feed

WordPress plugin hacked to mine cryptocurrency: government, ICO, NHS sites hit

US and UK government websites have been hit by malware mining Monero.

Government websites in the US and UK, including that of the UK Information Commissioner’s Office (ICO), have been hit by malware designed to mine cryptocurrency.

According to security researcher Scott Helme, the security breach resulted in over 4,000 sites serving up the malicious code.

Others affected include the UK Student Loans Company (SLC), National Health Service (NHS) Scotland, and the Queensland government portal in Australia.

The compromised plugin is called Browsealoud, which helps visually impaired people to access text on websites. The malware uses a site visitor’s own processor to mine for the Monero cryptocurrency.

Helme was made aware of the hack by fellow security specialist Ian Thornton-Trump, who discovered that the ICO’s website was hosting the malware.

Four-hour window of opportunity

Texthelp, the company that makes the plugin, reported that its product was infected for four hours, according to a blog post by security firm Wordfence. Browsealoud was taken offline as soon as the problem was spotted.

In his own blog post, Helme said that the script for the Browsealoud plugin, ba.js, was altered to include the Coinhive cryptocurrency miner, which targets Monero.

“If you want to load a cryptominer on 1,000+ websites, you don’t attack 1,000+ websites, you attack the one website that they all load content from,” he said.

“In this case, it turned out that Texthelp, an assistive technology provider, had been compromised and one of their hosted script files changed.”

Security testing

In a statement, Texthelp data security officer Martin McKay said, “Texthelp has in place continuous automated security tests for Browsealoud, and these detected the modified file and as a result the product was taken offline.

“This removed Browsealoud from all our customer sites immediately, addressing the security risk without our customers having to take any action. Texthelp can report that no customer data has been accessed or lost.”

He added that a security review would be conducted by a specialist independent consultancy. That investigation is still ongoing, and customers will receive an update when it has been completed.

Internet of Business says

As this ‘supply chain hack’ reveals, the downside of an interconnected world is that security problems can spread worldwide in seconds. This will be a major issue in the years ahead for the IoT, unless smart device manufacturers put enterprise-grade security programmes in place to match the reactive security programmes that have been developed over a quarter century of online business.

The post WordPress plugin hacked to mine cryptocurrency: government, ICO, NHS sites hit appeared first on Internet of Business.

Internet of Business

Binance: Calm down, we haven’t been hacked


When money is on the line, going dark without warning is rarely the best idea. Last night, Hong Kong-based cryptocurrency exchange Binance did just that. With little warning beforehand, and a message afterward claiming it needed 12 hours to complete site upgrades, people started to panic. And then 12 hours turned to 24. Binance, though, assured customers again today that everything was fine, claiming the outage was due to a server issue that caused data to fall out of sync. Chief executive Changpeng Zhao announced last night that the development team would need to re-sync from a master database, a…

This story continues at The Next Web
The Next Web

OnePlus Website Gets Hacked, Credit Card Details Of Customers Compromised

OnePlus has mailed customers and released a statement confirming that anyone who has made a purchase via its website since November may be at risk.

[ Continue reading this over at RedmondPie.com ]

Redmond Pie