CE-Oh no! Why C-level execs are one of the greatest mobile security risks
7 min read
04 July 2017
Enabling workforce flexibility and ensuring cybersecurity are at the top of the agenda for every business in 2017. However, these objectives don’t always go hand in hand. In fact, companies often pursue the former at the detriment to the latter – and it seems the CEO is often the greatest mobile security risk.
Companies are getting more mobile all the time, with staff accessing corporate data from almost any location, using multiple devices and connection methods, including free, public Wi-Fi hotspots. Even the London Underground is becoming a connectivity hub for commuters who want to make the most of their travels. But what does that mean in terms of mobile security?
Although this increase in mobility has resulted in an explosion of productivity, it has also expanded the attack surface for hackers, who have been quick to take advantage. Indeed, the latest iPass Mobile Security Report emphasised this growing threat in no uncertain terms. A vast majority of businesses (93 per cent) were concerned with providing mobile security and dealing with the challenges associated with a growing mobile workforce.
Trouble at the top
With significant increases in mobile-related data breaches, it is no surprise that businesses are concerned about cybersecurity threats. The grim reality is that this threat comes from the top down. Worldwide, four in ten respondents cited C-level employees, including the CEO, as being the highest risk of being hacked outside the office.
There is logic to this perception. Extremely mobile, executives are rarely confined to the office. During their working day, they have unrestricted access to the most sensitive company data imaginable, on multiple devices, in multiple locations. Highly valuable and mobile, they represent a prime target for any cybercriminal.
Nothing comes for free, the dangers of coffee shop WiFi
Free, public WiFi hotspots have become virtually ubiquitous. They are available the world over, whether in a local McDonalds or a public park. Cafes and coffee shops remain arguably the most popular locations for free public WiFi. They are often used by on-the-go workers and the connectivity offered has become essential for business tasks, from checking email to video conferencing.
Unfortunately, many coffee shops suffer from lax security standards, meaning that anyone using their open network is potentially vulnerable to being hacked. So great is the threat, more than three-quarters of businesses said coffee shops were the most high-risk locations, followed by hotels and airports. Ultimately, any location with free, unsecured WiFi should only be used under certain circumstances, after taking all the necessary precautions.
The threat landscape
Cybercriminals are increasingly using more varied and sophisticated attack methods, and have realised the great benefits of targeting mobile professionals. IT professionals have taken stock. Man-in-the-middle attacks in particular, whereby an attacker can secretly relay and even alter communication without the mobile user knowing, are considered to be the greatest security concern when using public WiFi hotpots (identified by 69 per cent of businesses).
Combining this attack method with the C-level attack target outlined earlier is a dream scenario for hackers. It gives them access to the most sensitive and valuable company data available. And their target is none the wiser.
Having already established that most businesses are increasingly concerned about mobile security threats, the next step is mitigating risk, which is no mean feat. One of the most common responses is a blanket ban on public WiFi. Some 68 per cent of businesses currently ban the use of public WiFi hotspots and an additional 14 per cent of organisations plan to ban them in the near future.
Although this may appear like a sound security method, it may well end up being detrimental to the business.
With the majority of devices being WiFi only, blocking connectivity to WiFi hotspots could result in a drastic reduction in productivity. Employees want to stay connected and productive both in and outside the office. Mobile workers will always seek WiFi connectivity, due to its convenience and guaranteed service, regardless of the security risks involved. Those workers may do so even if their employers have banned the use of public WiFi hotspots.
Therefore, companies must look at solutions like Virtual Private Networks (VPN) instead. These VPNs are able to secure data being sent across network connections, even when using a public WiFi hotspot, and therefore keep data safe from cybercriminals.
Businesses are more aware than ever of the threats they face. They know where the highest-risk locations are, who the highest-risk employees are, and what the highest-risk security threats are. Despite this, they are still struggling to find a balance between productivity and security. They must understand that burying their heads in the sand is not an adequate response, nor is ignoring the issue or implementing blanket bans.
Mobility should be embraced not shirked, as businesses are operating in a ‘mobile first’, ‘Wi-Fi-first’ world. They must ensure that their mobile workers are equipped with the services that allow them to get online and work securely at all times. Those that do will have a more empowered and more productive mobile workforce.
Patricia Hume is chief commercial officer at iPass