Our website uses cookies

Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing Infosecurity Magazine, you agree to our use of cookies.

Okay, I understand Learn more

C-Level Represents Biggest Mobile Security Risk

Most IT leaders are concerned about the security challenges posed by a growing mobile workforce, but it’s C-level executives who are thought to be the greatest hacking risk outside the office, according to iPass.

The mobile connectivity firm polled 500 IT leaders from the US, UK, Germany and France to compile its latest iPass Mobile Security Report.

Some 40% pointed to C-level risk whilst out and about, while nearly half (47%) said they were “very concerned” about mobile security challenges, up from 36% last year.

Cafes and coffee shops (42%) were ranked as the riskiest venues in which to jump on public Wi-Fi, followed by airports (30%) and hotels (16%).

Over two-thirds of organizations (68%) have banned employee use of free public Wi-Fi “to some degree”, up from 62% in 2016, and a third banned it outright, up from 22%.

Key security concerns highlighted by respondents were topped by man in the middle attacks (69%), and followed by lack of encryption (63%), unpatched operating systems (55%) and hotspot spoofing (58%).

Worryingly, UK respondents were the least likely to ban public Wi-Fi use, with 44% saying they had no plans to do so, versus 8% in Germany, 10% in the US and 15% in France.

Raghu Konka, vice-president of engineering at iPass, told Infosecurity Magazine that C-level executives will use their mobiles on a “nigh-continuous basis” and IT can’t hope to modify this behavior.

“Because you can’t enforce a blanket ban on public Wi-Fi, education becomes essential. Thankfully the C-level understands the business risks of cybersecurity better than most, but it shouldn’t be taken as a given,” he added.

“They may be top of the tree, but they are not above training and education on the mobile security risk like everyone else. Technology plays an important role too of course, but it should never be heavy handed. Businesses need to enforce security solutions with as close to zero user input as possible, so that they don’t detrimentally impact productivity nor get circumvented as a result.”  

Education should include instructions like: only browse secure sites from public Wi-Fi; always use a VPN; keep devices up-to-date at all times and exercise caution replying to unsolicited emails, he concluded.

What’s Hot on Infosecurity Magazine?