Smartphones are increasingly becoming popular as a communication tool in the workplace. Many companies no longer require their employees to be physically present in the office for eight or nine hours a day, as inter-office communications can be done through mobile devices.
Also growing in popularity these days is the so-called bring your own device (BYOD) policy, which allows employees to use their personal smartphone, tablet or even laptop at work.
However, as more employees use their personal gadgets for work, more and more employers are exposing sensitive business data – trade secrets, customers’ personal details, phone numbers and addresses, among many others - to cyber security attacks.
The risk is high when the employee’s mobile device is used in public, on unsecured networks or worse - when it is lost or stolen.
According to a study conducted by Kaspersky Lab and B2B International, the use of iPhones, Samsung and other smart mobile devices is one of the most common internal threats faced by businesses in the Gulf Cooperation Council Countries (GCC) area, with 25 per cent of the companies reporting loss or theft of mobile devices by staff.
Kaspersky’s Global Corporate IT Security Risks survey found that in the past 12 months, 24 per cent of all businesses in the UAE and other GCC countries have lost sensitive corporate information due to “internal IT threats”.
About two out of 10 companies (19 per cent) said the biggest source of data breach is due to loss of mobile devices by employees.
Cost of data breach
Data breaches, which can lead to identity theft or fraud, are a pain to companies, with each case costing an average of $3.5 million as of 2014, according to an analysis by Ponemon institute.
“While not all breaches will result in identity theft or other crimes, the fact that information is consistently being compromised increases the odds that individuals will have to deal with the fallout,” Eva Velasquez, president and CEO, ITRC has said.
The Identity Theft Resource Centre (ITRC) has recently issued a list of data breaches tracked in the United States last year.
According to the list, the number of data breaches hit a record high of 783 in 2014, representing a substantial increase of 27.5 per cent over the number of cases reported in 2013.
It appears that certain industries are more vulnerable to cyber attacks.
Based on ITRC’s data, most of the breaches (42.5 per cent) in the US last year were reported in the medical/healthcare industry, followed by the business sector (33 per cent) and government/military sector at 11.7 per cent.
The education sector accounted for 7.3 per cent of the breaches, while the banking/credit/financial industry accounted for 5.5 per cent.
Within the GCC region, however, telecom companies reported by far the highest rate of accidental leaks and data sharing by staff, at 42 per cent, according to Kaspersky. The utilities and energy sector reported the second-highest rate of this threat, at 33 per cent and manufacturing at 31 per cent.
Accidental leak
It’s not just lost mobile phones that have caused data breaches. A smaller proportion of the surveyed companies in the GCC (17 per cent) said another major source of data loss is due to accidental leak by staff, while 14 per cent cited “software vulnerability” incidents.
Other organisations also attributed the data loss to intentional information leaks from employees and security failures by a third-party supplier.
