@Risk

Identity fraud jumped by 13 percent in 2011, and that increase may be the result of consumers’ social media and mobile behaviors.

For the past nine years, Javelin Strategy & Research has conducted an annual analysis of identity fraud trends, and for the first time, the 2011 study examined social media and mobile phone behaviors, ultimately uncovering certain related consumer practices that appear to increase risks.

Here are some of the key findings in more detail:

• The overall number of identity fraud cases is up, but the dollar amount held steady. Javelin found that more than 11.6 million adults became a victim of identity fraud in the US last year, although the dollar amount stolen remained constant. (Javelin defines “identity fraud” as the unauthorized use of another person’s personal information to achieve illicit financial gain.)
• Social behaviors are risky. LinkedIn, Google+, Twitter and Facebook users had the highest incidence of fraud although there is no proof of direct causation.  What’s the risk? Javelin found that consumers share significant amounts of personal information frequently used to authenticate identity. For example: (more…)

Many employees now use mobile devices to access their company’s network. But, what happens if those devices are lost, stolen or resold to others outside the company? Could sensitive data be compromised?

The risks may be greater than you think.

Earlier this month, Motorola announced that approximately 100 out of a batch of 6,200 Xoom tablets that were refurbished by Motorola Mobility may not have been completely cleared of the original owner’s data prior to resale. An earlier analysis found that more than half of 50 mobile phones purchased from second-hand resellers on eBay contained personal data left over from their original owners.

New research from Mobilisafe, a Seattle-based mobile security company, reveals just how widespread employee mobile device use is and how little oversight IT departments are exercising –particularly at resource-constrained small and midsized businesses (SMBs).

For the study, employees at SMBs agreed to help evaluate a product that provides visibility to all mobile devices accessing their company’s network. Then, over the course of three months, Mobilisafe mapped more than 38 million employee mobile device connections, providing key data for its analysis. The interim results from the beta trial showed that: (more…)

Business travel has become standard fare for many –if not most –corporate employees.  However, recent research by American Express Global Business Travel found that corporate travel policies are often lacking updates and appropriate oversight, leaving companies exposed to losing hard-earned corporate negotiated rates, and even more importantly, putting business travelers at unnecessary risk.

American Express Global Business Travel analyzed nearly 100 travel policies of global, multinational, and mid-sized companies, and the results showed that:

• Less than one-third of these companies overall have updated their travel policies within the last year.
• Only 12 percent addressed traveler security despite it being a critical issue for companies to consider as more and more employees embark on worldwide business travel today.
• The vast majority (80 percent) did not address reimbursement of ancillary fees such as checked bags, reservation change fees, or other for-purchase services offered at hotels and car rentals
• 85 percent of global companies require an agency to book hotels. But only 35 percent of smaller companies and large international organizations do the same.
• None of the travel policies addressed the use of mobile applications or even referenced tools they may have available for travelers to use on the road or when working remotely.
• 70 percent of companies do not provide specific guidelines to travelers on when it makes sense to book airfares through a non-preferred supplier if the ticket price is less expensive.

To fill in these gaps, American Express Global Business Travel suggests that companies review their policies and focus renewed attention on: (more…)

Last month, I reported that many companies are struggling to keep pace with the compliance and risk policies necessary for effective social media governance.

Now, HP has released new global research indicating that organizations also face increased threats from an even more fundamental policy and procedures issue: poor control and oversight of sensitive and confidential workplace data.

According to the new study conducted by the Ponemon Institute, many companies say they have well-defined policies for individuals with privileged access rights to specific IT systems. However, almost 40 percent were unsure about enterprise-wide visibility into specific rights, or whether those with privileged access rights met compliance policies.

The survey, which focused on more than 5,000 IT operations and security managers across the US, the UK, Australia, Brazil, France, Germany, Hong Kong, India, Italy, Japan, Korea, Singapore and Spain, also found that: (more…)

How careful are employees when it comes to IT security?

Apparently, most aren’t careful, at all. What’s more, most aren’t really concerned whether or not IT policies are followed.

Take a look at these survey results. IT security expert Avira polled nearly 1,000 of its users in September and found that:

• Only 38.95 percent of those participating in the study said they adhere to security policies designed to protect their company.
• About the same amount (35.42 percent) admitted there are security policies in place at their business, but that they didn’t feel that anyone really cared whether those policies were followed or not.
• The remaining 25.63 percent said they see security as a system administrator’s responsibility and not an employee concern. (more…)