Staff mobiles ‘can pose cyber-security risk’

COMPANIES could be leaving themselves open to serious security threats as a result of the growing use of corporate mobile devices by employees, according to researchers at the University of Glasgow.

Corporate mobiles can pose a security risk, according to Glasgow University researchers. Picture: TSPL

Experts who examined mobile phones returned by the employees of one Fortune 500 company found that they were able to retrieve large amounts of sensitive corporate and personal information from the devices.

The data yielded by the study of 32 handsets included a number of items that could cause “significant security risks”, the research team at the University of Glasgow said.

Sign up to our daily newsletter

The i newsletter cut through the noise

The loss of such information from mobile phones or other devices like tablets and laptops could lead to the leakage of valuable intellectual property or expose the company to legal conflicts, it was claimed.

Researchers said the study, although limited in size, was an “important step” in proving that the increasing use of mobile devices in the workplace could be jeopardising security and compromising data protection laws.

They suggested that the current policies which govern data security are not keeping pace with the growth of smartphone use in the corporate world.

The study also highlighted that a “substantial amount” of personal information could be retrieved from work phones and devices, potentially putting personal security at risk.

Dr Brad Glisson, director of the computer forensics and e-discovery MSc programme at the university, said: “This study indicates that relatively featureless mobile phones are putting organisations at significant potential risk.

“The amount of corporate information involved is potentially substantial considering that the study targeted low-end phones.

“The type of data stored on corporate mobile devices included corporate and personal information that is potentially putting both the company and the individual at risk.”

He added: “This exploratory case study clearly demonstrates the need for appropriate policies and guidelines governing use, security and investigation of these devices as part of an overall business model.”

The study was published in the Association for Information Systems journal.