Are CEOs the greatest security risk to organisations?

Staying connected is a necessity for any mobile professional, in any business, in any market. But the critical need to work on the go – wherever, whenever, and however – does unfortunately present a cyber security risk.

Enabling workforce flexibility is at the top of the agenda for most companies. Yet that mobility can wreak havoc with security best practices. Most disturbingly, CEOs represent the biggest cyber security risks to their own organisations.

Workforces have become more dispersed. And organisations require their employees to access corporate data from anywhere using multiple devices and connection methods, including free, public Wi-Fi hotspots.

Even trains and planes have become connectivity hubs for commuting employees who want to make the most of their journey. But what does the need for everywhere connectivity mean in terms of mobile security?

>See also: Is cyber security finally on the CEO’s agenda?

Although increased mobility has been positively linked to increases in productivity, it has also increased the number of attack vector for hackers, who have been quick to take advantage.

The iPass Mobile Security Report highlighted this growing threat in no uncertain terms, showing that the vast majority of businesses (93%) are concerned with providing secure mobile connectivity and are dealing with the challenges associated with their growing mobile workforces.

C-suite under fire

Given that businesses are facing more and more attacks, it should come as no surprise to know that the number of mobile security threats has increased as well. And when it comes to those mobile vulnerabilities, the threat comes from the top. Globally, 40% of companies cited their c-level employees, including the CEO, as their highest cyber security risk.

Perhaps, these findings should not come as a surprise. After all, c-level executives tend to be very mobile. By definition, they are privy to vast swathes of sensitive company data, which they access on multiple devices and in multiple locations. As such, they represent a perfect target for any cybercriminal.

You get what you pay for

All mobile workers, from the c-level down, have come to rely on free, public Wi-Fi, available virtually everywhere. Cafés and coffee shops, in particular, remain some of the most popular locations for free public Wi-Fi, and they are used regularly by mobile workers for such routine business tasks, as checking email to video conferencing.

>See also: Cyber security professionals blame CEOs for data breaches

Although ubiquitous, free, public Wi-Fi is something of a double-edged sword. Many coffee shops suffer from lax, Wi-Fi security standards, meaning anyone who uses their open network is vulnerable to being hacked. The threat is not going unnoticed either.

In fact, more than three quarters of businesses said coffee shops were the most high-risk locations for their employees, followed by hotels and airports. In truth, any location that offers access to free, unsecured Wi-Fi should only be used after taking all the necessary precautions.

What is the threat?

Over the years, cybercriminals have become more advanced, deploying ever-more varied and sophisticated attack methods to target unsuspecting mobile users. The man-in-the-middle attack is one of the most feared attacks featuring unsecured Wi-Fi hotspots; this form of attack sees data intercepted by a hacker over an unsecured connection without the mobile user knowing.

For hackers, the man-in-the-middle attack on a c-level target is a dream scenario for hackers. They can get access to the most sensitive company data, with their victim being none the wiser.

Managing risk

Many businesses try to manage this risk by implementing a blanket ban on public Wi-Fi. In fact, 68% of businesses currently ban the use of public Wi-Fi hotspots – and an additional 14% plan to ban them in the near future.

>See also: EXCLUSIVE: CEO provides his cyber security predictions for 2018

Although this may appear like a sound security method, it may well end up being detrimental to the business in other ways. With so many devices being Wi-Fi-only, banning connectivity to Wi-Fi hotspots can result in a huge reduction in productivity.

People need to stay connected to be productive, both in and outside the office. It’s natural for mobile workers to seek Wi-Fi connectivity, regardless of the security risks involved. In many cases, workers do so even if their employers have banned the use of unsecured public Wi-Fi.

A better way of dealing with cyber security threats is to look at solutions like virtual private networks (VPNs). VPNs can secure data being sent across network connections, even when on a public Wi-Fi network, which keeps data away from hackers.

>See also: UK CEOs see cyber security spend as a revenue opportunity

Hardly a day goes by without news of a high-profile data breach. As a result, businesses are becoming very aware of the risks they face. Even if businesses can identify what the biggest security threats are, many still struggle to balance productivity and security. They must understand, however, that burying their heads in the sand is not an adequate response, nor is adopting blanket bans.

Businesses must embrace mobility and enable their workforces to operate effectivity in a ‘mobile first’, ‘Wi-Fi-first’ environment. Ensuring that mobile workers are equipped with the services that allow them to get online and work securely at all times should be a high priority. Companies that embrace this strategy will have a more empowered and productive workforce while putting themselves less at risk in the long run.


Sourced by Patricia Hume, chief commercial officer, iPass

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...

Related Topics

Cyber Security