Web browsing by mobile workforce poses serious risks

PUBLISHED : Tuesday, 15 March, 2011, 12:00am
UPDATED : Tuesday, 15 March, 2011, 12:00am

While many companies recognise the advantages that smartphones provided to employees can offer by allowing them to stay in touch with customers and management, few realise the risk their businesses face when uncontrolled Web browsing can lead to the loss of sensitive company information.

Nigel Mendonca, regional director for Symantec.cloud, formally Message Labs, says one of the greatest challenges for IT managers in recent years has been how to secure devices used by an increasingly mobile workforce and prevent intrusions from random Web browsing.

Mendonca says that although technology plays a fundamental role in reducing risk from employee behaviour, equally important is end-user education. 'Bad Web browsing behaviour may not only go against company policy, but increases the risk of malicious infection, which could proliferate across the corporate network,' he says.

Staff need to understand the importance of the organisation's security policies; individual employees need to understand that they also have a role to play in their company's security.

'It is a three-pronged approach - leave any one of these elements out then the business may be vulnerable to exposure,' Mendonca says.

Increasingly, concerns centre around the potential of sensitive data being posted on a site outside a company's control. The chance of sensitive data leaking through social media or a workstation becoming infected with data-stealing malware is another area where companies could be exposed to risk.

According to the latest Symantec.cloud intelligence report, up to a third of mobile workers indulge in potentially harmful Web browsing.

A survey commissioned by Symantec.cloud revealed uncertainty and doubt in Hong Kong when it comes to online activities.

For example, more than 43 per cent of respondents were not confident or simply did not know whether their browsing activities posed a threat to their company's computer security.

Mendonca says the scale of the threat is so large, on-premise solutions, such as software or hardware appliances, can be costly to buy, expensive to maintain and, unless they are updated regularly, can leave an enterprise vulnerable to attack.

'The growing number of mobile workers has only added to the challenges, and keeping these end points secure - whether they are people working from home or executives on the road with a notebook computer - is something that businesses cannot afford to overlook,' he says.

The risks are expected to rise as the number of workers using mobile devices to connect to their company computers continues to grow.

According to Harry Pun, client services manager, north Asia, at Symantec.cloud, some sectors, such as the banking and finance industry, are more security conscious than others. 'Businesses of any size in any sector are all looking for the same thing, reliable protection from online threats that doesn't impact productivity or bankrupt their IT budget, and that's exactly what a good hosted solution can deliver,' Pun says.

Symantec.cloud provides end-point protection for the growing number of mobile workers, and even helps organisations archive their e-mail with easy retrieval.

Pun says to obtain a better understanding, Symantec.cloud commissioned a research firm to quiz Hong Kong IT managers or IT decision-makers on hosted security, or what is now coming to be known as Cloud Security.

The findings indicated that the level of trust in security as a service, as a potential solution to the relentless spam and malware onslaught was extremely high.

For example, 86 per cent of Hong Kong firms surveyed rated IT security as important, or very important.

In addition, nearly one-in-five Hong Kong firms surveyed were already using some form of cloud services for security.

'Perhaps the most interesting result was that the majority - more than 65 per cent per cent of Hong Kong firms surveyed that were not already using cloud security - were planning to implement a cloud solution in future.