Employees’ mobile phone use poses security risk: Study


Europe's biggest companies are leaving themselves open to potentially serious security and legal threats by employees' improper use of their corporate mobile phones, according to new research by the University of Glasgow.

The report, 'Investigating Information Security Risks of Mobile Device Use within Organisations', looked at a sample of mobile phones returned by the employees from the biggest 500 companies in Europe and found that they were able to retrieve large amounts of sensitive corporate and personal information.

Increasing use of mobile devices in the workplace potential security risks, inviting breaches on both an individual and corporate level. 

The potential leak of data could also compromise national data protection legislation, said the authors of the report.

Researchers believe that the current policies and processes that govern data security are not keeping pace with the growth of smartphone use within the corporate sector. The use of smartphones increased by 22% in 2011 alone in Europe.

Cloud worsening problems

Brad Glisson, director of the Computer Forensics and E-discovery MSc programme at the University of Glasgow, said that since the study targeted low-end phones, even relatively featureless mobile phones are putting organisations at significant potential risk.

"The type of data stored on corporate mobile devices included corporate and personal information that is potentially putting both the company and the individual at risk,” Glisson said.

“This exploratory case study clearly demonstrates the need for appropriate policies and guidelines governing use, security and investigation of these devices as part of an overall business model. This becomes even more apparent as businesses gravitate towards the cloud," he added.

A report by the European Network and Information Security Agency (Enisa), published in January, also said that cyber-attackers are set to target smartphones and social media increasingly over the next year.

The report identified emerging threats for the next year, and claimed that mobile phones will come under increased risk, since their communication paths are often less secure than conventional computer systems.

>> Read: EU agency warns of smartphones' vulnerability to cyberattacks

According to Eurobarometer, Europeans remain very concerned about cyber security. 89% of internet users avoid disclosing personal information online, and 12% have already experienced online fraud.

Therefore, EU’s new European Cybercrime Centre (EC3), based in the Hague, opened in January 2013.

It will facilitate research and development, ensure capacity building among law enforcement, judges and prosecutors and will produce threat assessments, including trend analyses, forecasts and early warnings.

The Commission simultaneously launched an EU-wide cybersecurity strategy, which aims to establish cross-border cybersecurity rules and practices, and coordinated attack response.


  • 2013: EU Council and Parliament to consider Commission's proposed cybersecurity strategy


EU official documents

Subscribe to our newsletters