The rise of the mobile workforce creates a host of new security problems, according to a new report from iPass. And C-level executives—including the CEO—are the most at risk of being hacked when working outside the office, according to a survey of 500 CIOs and IT decision makers across the US, UK, Germany, and France.
Some 93% of tech leaders surveyed said they were concerned about the security challenges presented by a growing mobile workforce. Almost half said that they were "very" concerned, up from 36% in 2016.
"The grim reality is that C-level executives are by far at the greatest risk of being hacked outside of the office," said Raghu Konka, vice president of engineering at iPass, in a press release. "They are not your typical 9-5 office worker. They often work long hours, are rarely confined to the office, and have unrestricted access to the most sensitive company data imaginable. They represent a dangerous combination of being both highly valuable and highly available, therefore a prime target for any hacker."
In terms of remote work locations, cafés and coffee shops were ranked the No. 1 high-risk venue by 42% of tech leaders surveyed, followed by airports (30%), hotels (16%), exhibition centers (7%), and airplanes (4%).
"Cafés and coffee shops are everywhere and offer both convenience and comfort for mobile workers, who flock to these venues for the free high speed internet as much as for the coffee," Konka said in the release. "However, cafés invariably have lax security standards, meaning that anyone using these networks will be potentially vulnerable."
SEE: Remote access policy template (Tech Pro Research)
To combat security threats, 68% of tech leaders said their organization has banned employee use of free public Wi-Fi hotspots to at least some degree, up from 62% that did so last year. Meanwhile, 33% of companies said they ban employee use of these hotspots at all times, an increase from 22% last year.
Tech decisions makers were especially concerned about the risk of man-in-the-middle attacks, the report found, as 69% identified these attacks as a concern when employees use public Wi-Fi. Other top concerns included a lack of encryption (63%), hotspot spoofing (58%), and unpatched operating systems (55%).
"Man-in-the-middle attacks were identified as the primary threat, but the entire mobile attack surface is getting larger," Konka said in the release. "Organizations must recognize this fact and do their best to ensure that their mobile workers are securely connected."
The US was the most concerned by the increasing number of mobile security challenges, with 98% of tech leaders expressing their concern, compared to the UK (92%), Germany (89%), and France (88%). Some 8% of UK firms said they have no security concerns when employees use public Wi-Fi, compared to just 1% of companies in the US.
"Organizations are more aware of the mobile security threat than ever, but they still struggle to find the balance between security and productivity," continued Konka. "While businesses understand that free public Wi-Fi hotspots can empower employees to do their job and be more productive, they are also fearful of the potential security threat."
In response to the growing threat, the majority of organizations choose to ban use of public Wi-Fi before properly assessing its value, Konka added. "They ignore the fact that, in an increasingly mobile world, there are actually far more opportunities than threats," he said in the release. "Rather than give in to security threats and enforce bans that can be detrimental or even unenforceable, businesses must instead ensure that their mobile workers have the tools to get online and work securely at all times."
The 3 big takeaways for TechRepublic readers
1. The vast majority of tech leaders said they were concerned about the security challenges presented by a growing mobile workforce, according to a new report from iPass.
2. C-level executives present the greatest security risk, since they often work long hours, often work remotely, and have unrestricted access to sensitive company data. Coffee shops are the most high-risk location to work, as their Wi-Fi tends to have insufficient security features.
3. While the security threat is real, organizations should consider how to keep their employees safe while working remotely, rather than banning public Wi-Fi use, the report suggested.
- Why SMBs are at high risk for ransomware attacks, and how they can protect themselves (TechRepublic)
- AI, IoT and the end of Moore's Law add to US national security worries (ZDNet)
- 4 questions businesses should be asking about cybersecurity attacks (TechRepublic)
- Gmail fake Docs attack: Now Google tightens OAuth rules to block phishing (ZDNet)
- Lunch and learn: Dealing with the risks of identity theft (Tech Pro Research)
Alison DeNisco Rayome has nothing to disclose. She does not hold investments in the technology companies she covers.
Alison DeNisco Rayome is a Senior Editor for TechRepublic. She covers CXO, cybersecurity, and the convergence of tech and the workplace.