The inconvenience of cyber-security

By Jacinta Tobin on July 10th, 2012

Jack Welch, former chief executive of American multinational conglomerate General Electric, once proclaimed: “The Internet is the Viagra of big business.” From its inception in the early 1960s, to the evolutionary potential it holds for the not-so-distant future, the World Wide Web has made a profound, indelible mark on the business world.

A recent study by research firm Chetan Sharma Consulting found that, globally, there are more mobile phone subscriptions – approximately six billion – than electricity accounts, access points to safe drinking water and bank accounts. With most of these phones being connected to the internet, it’s clear that our society has become more connected than ever.

Consequently, life online is now the norm. Commuters are permanently glued to laptops, smartphones or tablets on the journey to work. Financial markets depend on real-time, latency-free, nanosecond trading to keep the world’s economy afloat. The concept of an “internet economy,” in which businesses can trade with anyone around the globe on any device, is now a reality. But at what cost?

Becoming a player in the “internet economy” does not go without risk. Many businesses worry about how to evolve from being perceived as a small fish in a big pond, or whether the numbers crunched from the sales meeting have met forecasts. But is the right level of attention being given to securing the online channels through which businesses trade? Have businesses become so comfortable with the concept of the internet and the convenience it provides, that cyber-security now an afterthought?

Tablet devices, app stores, smartphones and VoIP services such as Skype have all played a part in facilitating people’s everyday lives. As a result, employees now want the same experience they have with technology in their personal lives in the workplace. Trends such as Bring Your Own Device (BYOD) see employees bringing in their own iPads, smartphones and laptops into the office, with the expectation that they can just connect to the corporate network.

Many employees are now savvy enough to do exactly this, connecting their latest gadgets immediately and seamlessly to the corporate server and Wi-Fi without assistance. Simultaneously, IT departments struggle to keep track of who is bringing what device into the workplace and how these devices are being used. As a result, the security of corporate information can be somewhat overlooked, as employees and IT departments battle for control over these devices and the impact they are having on working practices.

At the start of 2012, Ofcom, the UK’s independent regulator and competition authority for the communication industry, published a report looking at the level of consumer concern towards the Internet. The report revealed that while, on average, consumers are spending five more hours per week online, generally concern about the Internet has dropped steadily since 2005, falling from seven in ten (70 per cent) users to half (50 per cent) by 2011. So, while companies allow employees to be flexible with the tools they use in the workplace, this may be detrimental to the safety of sensitive corporate information.

Contrary to Ofcom’s findings, the Connected Communications research my company has published shows that UK consumers’ trust in email, SMS and social networks is actually in decline. Of the 1,000 Britons surveyed, 20 per cent believed their mobile device to be less secure that it was a year ago, and 52 per cent said they did not have enough trust in the security of their mobile device to use it to pay for goods and services.

While some consumers are clearly aware of the security pitfalls that await them online, it’s a different matter in the office. Most are aware of the personal and financial repercussions of losing a bank card or giving passwords to strangers in cyber space. Yet the consequences of security breaches in the workplace are harder to acknowledge, especially if employees are not held personally accountable.

It’s important for businesses to consider this difference in attitude if they want to ensure they are not the next victim of a security breach or virus attack. Recently, LinkedIn became the next high-profile company in the spotlight for the wrong reasons, with 6.5 million users’ passwords being compromised. With more businesses taking their trade online, particularly to mobile and social platforms, to communicate with customers, attackers are taking advantage of this move and targeting these platforms for malicious ends.

Globally, SMS spam attacks have increased by 300 per cent over the past year alone. Of the approximately 90 million mobile spam messages processed each day across North America and Europe, 33 per cent are “smishing” attacks that attempt to entice users into providing personal details that can be used for illicit purposes. A rise in identity fraud and insurance scams such as PPI compensation and debt eradication spam are tricking individuals into divulging personal information.

As employees check their bank balances, personal email accounts or social media profiles during work hours, they could be inadvertently clicking on links or responding to messages that may not be safe or secure. With employees also using their own devices to access corporate information, the IT infrastructure is exposed to new, insecure access points, making it more vulnerable than before.

This rise in online threats is forcing businesses to address employees’ attitudes and perceptions of online channels and security in the workplace before it becomes too costly. When it comes to security, it’s unfortunately often a case of too little, too late. The convenience that email, social networks and m-commerce provides often means that people don’t think twice before using these services.

Some people don’t think twice before clicking on links or filling in online forms with personal and company information. They only learn of the potential security risks that malicious links and phony online forms can bring after falling victim to them. In the workplace, this is a mistake that can’t afford to be made: employees need to be held responsible for their online conduct, be it on a company-issued or personal device.

According to global management consulting firm Boston Consulting Group, the UK is the most “internet-based major economy,” with the internet economy estimated to be worth £121 billion in 2010. But if businesses want to flourish in the new digital economy, they need to educate staff on IT policies that reflect and accommodate the BYOD trend. Employees also need to take responsibility for their own online conduct, seeking advice from the IT department as and when necessary on the best way to use their devices to access corporate data in a secure manner.

Security should be seen as an enabler of business innovation, not an inhibitor. If businesses want to become major players in today’s economy and compete, they need to be able to implement game-changing technology in a safe and secure way. Considered security protocols can provide businesses with a competitive advantage in a cyber-enabled landscape that is under fire by bolder and more sophisticated scammers. After all, as Jack Welch also once said: “If you don’t have a competitive advantage, don’t compete.”