News

Industries

Companies

Jobs

Events

People

Video

Audio

Galleries

My Biz

Submit content

My Account

Advertise with us

Security News South Africa

Mobile devices raising company fraud risks

Company audit programmes are not taking effective account of the rising risks caused by the migration of sensitive data onto mobile devices and applications, the 14th Southern African audit conference heard on Monday, 15 August 2011.

With SA Minister of Finance, Pravin Gordhan in attendance, senior director of CPE Interactive, Jeff Kalwerisky, said government had a role to play in setting up "sledgehammer" style legislation that raised the ante for executives that should be liable for major failures, but that auditors and stakeholders needed to play a greater role in implementation and executives and stakeholders needed to focus their attention more on these rising risks as legislation won't prevent them.

Kalwerisky says he has noticed risks are rising when it comes to protecting corporate information as data is starting to leak out when transferred from company networks onto the devices, like on to USB sticks and then company laptops, iPads and iPhones.

He said children as young as 14 were findings ways to "jailbreak" the controls on an iPhone.

By setting these phones free of controls, any data therein was at risk. He says only 10% of people password protect their phones at the moment.

He adds the potential for viruses and hacking is increasing as data moves to smartphones. He says the audit profession needs to be aware that this information needs to be protected as part of good corporate governance.

It comes as techniques like "shoulder surfing" increase, where the mobility of devices like iPads is making it easier for people to have a sneak peak at what can be very sensitive information.

But the lack of effective checks and balances also invokes executives to play a big role in ensuring the rise of applications includes effective controls as the younger workers developing these "apps" are blissfully unaware of the broad corporate risks.

Kalwerisky says thousands of business-related apps are now available with little security attached.

He says data must be encrypted, while companies also need to better classify data so that sensitive corporate info, like future sales forecasts, is not leaked.

"Don't spend R10 to protect one million rand of data," he points out.

He says industry must tell government the risks and also the costs of implementation. In a nutshell, central security management and compliance need to apply to all the new devices being rolled out.

Source: I-Net Bridge

For more than two decades, I-Net Bridge has been one of South Africa’s preferred electronic providers of innovative solutions, data of the highest calibre, reliable platforms and excellent supporting systems. Our products include workstations, web applications and data feeds packaged with in-depth news and powerful analytical tools empowering clients to make meaningful decisions.

We pride ourselves on our wide variety of in-house skills, encompassing multiple platforms and applications. These skills enable us to not only function as a first class facility, but also design, implement and support all our client needs at a level that confirms I-Net Bridge a leader in its field.

Go to: http://www.inet.co.za
Let's do Biz