sophos, honey stick, usb, mobile, storage, device, malware, safeguard, encryption, password, australia, sydney, risks, mac, windows
HOME
PAGE
MEMBER RESOURCES
ABOUT US
FORUMS
PARTNERS
PRODUCTS & SERVICES
FREE RESOURCES
LOGIN
HERE
JOIN
NOW!
You are not logged in. Access is limited. Login or see membership information. • Streetwise Security Zone Community

To see the list of all blogs, including Scott Wright's Security Views Blog and the Streetwise Security Zone Podcast click HERE. You also can subscribe via an RSS reader, or check the "Watch This" box in the left column to receive news by email of new articles.


Watch this Blog Notify me by e-mail any time a new post is made to this blog.


Group Administrator

"ScottWright"

65% of honey sticks to date have been used in risky ways that could impact business operations. What's a Honey Stick? - Look for the link at the bottom of any article on this page for an explanation.

 

Customer Service Rep Security Awareness Test
Product ID: 00000002

Find out what your CSR knowledge of security policies and general security best practices is... before your clients do it for you! In the CSR Security Awareness Test, we schedule 5 randomly scheduled inquiries to your phon ... More »

Non-Member Price: $299.00 $249.00

December 2011 Posts

Archives
  The Honey Stick Project - Measuring risk decisions
Blog Entry

If you think you use mobile devices securely, consider this new Sophos data

Wednesday, December 28th 2011 @ 8:10 AM (not yet rated)    post viewed 977 times

New data from an innovative study by security software vendor, Sophos, shows an eggregious lack of security awareness among the owners of USB drives that were lost.

How do they know?  They bought 50 devices at a Sydney, Australia rail company's auction of “lost and found” items. It was a great way to obtain a real sampling of what kind of security practices people apply to their USB drives. But what they found should make you stop and think about how you protect your own mobile devices.

Here’s a quick snapshot of the Sophos findings, and their lessons learned.

Malware is Everywhere

Two-thirds of the devices had malware on them that is known to infect Windows systems. Seven infected devices were clearly owned by Mac users, who would have been spreading this malware, even if their machines did not become infected themselves.

Lesson #1: Remember to scan any device that has been used in another computer (i.e. from friends, coworkers, or even your own device if you lend it to somebody to copy a file for you). Even Mac users should now use anti-malware protection. So, you have to assume that every device around you is infected with hostile malware.

Nobody Protects Sensitive Data on Mobile Devices

None of the devices had any kind of safeguards applied to them such as encryption, biometric or password protection. So, all of the data was easily accessible, and included documents related to personal taxes, activist meetings, university assignments, family photos, CV’s and source code of software programs.

Lesson #2: Use encryption to protect any files you put on a USB device. You never know when or where it might be lost, and to what risks you might be exposing yourself.

Here’s a link to the original Sophos blog post with the description of their study.

http://nakedsecurity.sophos.com/2011/12/07/lost-usb-keys-have-66-percent-chance-of-malware

Conclusion

So, this kind of study shows how lax most of us still are with respect to protecting our mobile data and devices.

We are clearly not getting any better at managing the risks of mobile device usage. In upcoming columns I plan to discuss more about mobile risks around other types of mobile devices that we all use on a daily basis.

Unfortunately, I expect that 2012 will be a particularly bad year for mobile risks. With the explosion of powerful new phones and tablets, and very little in the form of inherent security features in operating systems like Android, we are all on our own when it comes to making sure we don’t get burned by the convenience of these new devices.

What do you think about the mobile security risks in the coming year?

I am now offering monthly briefings, tailored to organizations that want to build and sustain security awareness for staff. Just because your security team is too busy to do its own training and awareness doesn't mean you can't have an economical way to address human security risks. Please call or email me at the coordinates below...

Scott Wright

The Streetwise Security Coach

Join the Streetwise Security Zone at:
http://www.streetwise-security-zone.com/join.html

Phone: 1-613-693-0997
Email: scott@streetwise-security-zone.com
Twitter ID: http://www.twitter.com/streetsec

To receive weekly security tips and other notices about helpful content available on this site, please make sure you are on my list by clicking HERE, and entering your name and email address.

 

 

Site Meter

 rate this post: very bad poor average good fantastic!
Comments