People: Your network's weakest link

There is almost no point securing your network or shredding sensitive documents if your staff are just going to leave their data-laden mobiles on the Tube

Human behaviour is the biggest risk in mobile security, according to a top Nokia official.

Niklas Savanda, Nokia's senior vice-president of enterprise solutions, said workers are more careless with their mobiles than they are with their laptops. "There are thousands of [lost] mobiles found on the London Underground every day," he quipped.

"Companies should really ask their workers if they realise they are walking around with sensitive corporate data," he said. It is paradoxical, he added, that employees diligently shred pieces of paper, but seem nonchalant about the data in their mobile devices.

Savanda is not the first to pinpoint humans as the weakest link in security. Former hacker Kevin Mitnick has also stressed the need for companies to focus on employees in securing their network. Studies have also indicated that businesses often neglect employees' role in the company's security measures.

But where humans fail, organisations can use technology to stop private information from reaching the wrong hands, Savanda said. Companies welcome features like "remote wipe", which allows them to erase corporate data remotely, he said.

Businesses can also encrypt data on mobile devices, he added. Data encryption will make it harder for dishonest commuters who pick up mobiles on the Tube to retrieve meaningful data.

While security features mean well, Savanda emphasised that data protection measures should not make mobile devices and applications harder to use.

Tech support staff, he said, often claim that workers are cool on the security features made available to them. "But if you need 15 passwords and two token [cards] to use an application, people will just say 'forget it'," Savanda said.

Savanda added that security features such as wireless encryption are not user-friendly. However, as technology matures, there is the possibility that some of these security features will be more transparent to users, he said.

Michael Yin, chief executive of Mozat, a Singapore-based mobile enterprise solutions provider, said there has to be a balance between security and making mobile devices more user-friendly. "You don't want to scan your fingerprints before you send out a message from your devices," he said.

A Gartner report in April noted that measures undertaken by businesses in mobile security are inadequate. According to the research firm, security enforcement is further complicated by the fact that employees bring in their own devices which run on multiple operating systems.

"This poses a significant challenge in terms of securing corporate data residing on privately-owned devices, as they are not under direct IT [department] management," Gartner cautioned.