April 19, 2012, 11:33 AM — Here are two timely items that seem to go together:
The first item is based on preliminary results from an annual survey from PricewaterhouseCoopers (PwC) designed to identify characteristics major data breaches have in common.
Its big revelation in the 2012 edition is that mobile computing devices – primarily smartphones and iPads – act as much like cracks through which secure data can leak as they do portals that give employees constant access to the office.
The lines between employees' work and personal life have blurred into almost nonexistence, forcing most companies to allow access to formerly secure systems through mobile devices they often don't own and can't control.
Seventy-five percent of the companies responding to PwC's survey allow employees to connect personal devices to the company network; 39 percent encrypt the data on those devices.
The "staff mistakes" that make up 82 percent of data breaches, according to PwC, are primarily from mobile devices that are lost or stolen with unprotected, proprietary data still on them. "Smartphones and tablet computers are often lost or stolen, with any data on them exposed. Mobile devices can drill straight through your security defences, if you're not careful," according toPwC analyst Chris Potter, who misspells defenses when he speaks because he's British.
The second item seems to follow logically from the first: end users are bad, sloppy and often criminally negligent (not to mention stoooopid noobs), so IT people are foolish to trust them, according to a survey conducted last month by security vendor Sophos.
A quarter of security wonks reported fixing at least one security problem a day; 26 percent said the worst offenses came from senior managers. Only 4 percent said they trust their users with data or security.