Almost 70% of civil servants think personal laptops raise ITsec risks

In a survey carried out by Dods for the IT security vendor, researchers also found that 80% are concerned about the security of privately-owned smartphones in the workplace.

Interestingly, however, 47% of respondents said that they think this risk is greater than that of using work smartphones for the same purposes.

The survey, which took in responses from 858 senior UK civil servants, confirms the issues raised by the Information Security Forum in a report issued early last month, Infosecurity notes.

According to Ollie Hart, Sophos' head of public sector business, public sector organisations need to address the use of consumer devices for work purposes on two fronts.

"Firstly, we have to consider that these devices are not designed for corporate use, and so the security settings may not be optimised for the workplace", he said.

"Secondly, when people are using their own devices for work, either in the office or remotely, it's likely that they won’t consider the same security risks as they do when using work-provided equipment", he added.

Hart went on to say that educating staff and IT teams on security principles - such as the importance of encrypting classified information - is now essential, regardless of the type of device that they are using.

In the ISF report - entitled 'Securing Consumer Devices' - meanwhile, the security forum identified a number of key strategies to deal with securing mobile devices in the workplace.

Delving into the report reveals that the forum's strategy is to break down consumer device security into four manageable components:

Governance - with no control over consumer devices, little or no visibility of usage and penetration, and poor knowledge of ownership, policies or compliance, organisations need to create a framework for ensuring correct and consistent mobile device security assurance.

Users - with no control over consumer device working practices, users are free to mix work and personal tasks and data. Organisations, argues the ISF, need to ensure employees are aware of what constitutes good working practice for mobile devices, by creating an Acceptable Use Policy (AUP) for staff to sign. The report includes an easy-to-use AUP to get businesses started.

Devices - left unprotected and unmanaged, consumer devices are exposed to a range of potential security threats, including malware targeted at the device's OS or apps, unauthorised connections, and compromise and irrecoverable loss of data. Organisations must put in place technical solutions for securing access to mobile devices and content.

Applications and data - the provenance of most apps designed for consumer devices is unknown, and most have not undergone formal testing. Unfortunately, says the report, most users do not think about this when downloading them. Organisations must therefore ensure that apps used for business and the types of data they can access or generate are appropriate and properly tested.
