Bad security practices making breaches more likely

Research from Kaspersky Lab and seperately from Varonis has revealed that bad security practices are leaving firms exposed to potential data breaches

Employees are keeping mum over corporate data leaks and many firms are still sticking to behaviour that increases the chances of a breach according to research coming out of the security industry.

Kaspersky Lab has found that 77% of UK staff would not tell their IT department if they lost a company owned device and Varonis has found that although good security practices are being followed so are some high-risk behaviours that could leave data exposed.

The consequences of the time lag caused by most users failing to inform the IT department quickly that their corporate device has been lost are serious giving hackers a head start on any remedial action the employer may take to remote wipe and defend systems against attacks.

Kaspersky found just shy of a third of IT managers would expect it to take an entire working day to be informed and a quarter said that it would take at least half a working day for staff to inform them of the loss.

“The ever-growing abilities of mobile devices make our lives much easier”, says David Emm, senior security researcher, Kaspersky Lab. “However, what we don’t always consider, is the ease with which such tools can be stolen, leaving a wealth of business critical information in the hands of thieves."

"To a seasoned cybercriminal, it will take only a matter of minutes to by-pass the four digit password protection used on most devices, especially smartphones. If your mobile device is lost or stolen, it is critical that the IT department is informed as fast as possible," he added.

Despite the dangers of losing corporate devices or making other mistakes that leave the network exposed Varonis found that 91% of the public trust businesses to look after data properly.

But the vendor also discovered that although many are following good security practices there are also problems with some using the same password across multiple devices and two thirds admitting they have sent personal information in an unencrypted form.

David Gibson, vice president at Varonis, said that it was encouraging to see high levels of trust from the public over the way data was being handled but more had to be done to ensure that judgement was not ill founded.

“The vast number of breaches occurring on an almost daily basis indicates that businesses, just like individuals, are still struggling to get the basics right in securing their data," he said.

The conclusions for resellers were to pitch mobile device management and encryption as well as highlighting the need for good security practices to protect data.

Read more on Threat Management Solutions and Services