Companies across the globe could be increasingly exposed to serious information security risks due to the growth in use of corporate mobile devices, such as phones, tablets and laptops, by employees.
A team of experts from the University of Glasgow retrieved large amounts of sensitive corporate and personal information when looking at a sample of mobile phones returned by employees of one global Fortune 500 company.
The researchers recovered data from these 32 items that could potentially cause significant security risks. They claimed the increasing use of mobile devices within corporate organisations could be exposing security flaws, leaving companies at risk of having valuable intellectual property leaked and putting them at risk of potential litigation.
In addition to the corporate data retrieved, a large amount of personal information was also recovered from the corporate handsets examined.
Recent estimates claimed that smartphone use in the corporate sector increased by 22 per cent in 2011 alone, with the use of phones, tablets and laptops continuing to grow as employees can benefit from accessing emails, business plans, sales data or customer profiles outside the office.
However, current data security policies and processes put in place by organisations are struggling to keep pace and that creates potential opportunities for information to fall into the hands of criminals should the mobile device be lost, accessed or stolen.
The experts claim the initial study – with results garnered from a relatively small sample – shows that mobile phones are putting organisations at risk due to the sheer amount of corporate information on mobile devices.
Dr Brad Glisson, director of the Computer Forensics and E-discovery MSc program at the University of Glasgow, said: “The amount of corporate information involved is potentially substantial considering that the study targeted low end phones. The type of data stored on corporate mobile devices included corporate and personal information that is potentially putting both the company and the individual at risk.
“The amount of data that we recovered even from this limited study gives us an indication that there is an opportunity to improve policies from social-technical and technological resolution perspectives.
“This exploratory case study clearly demonstrates the need for appropriate policies and guidelines governing use, security and investigation of these devices as part of an overall business model. This becomes even more apparent and businesses gravitate towards the cloud.”
