Never mind the doughnuts in the break room going bad (they probably don't even last long enough for that) – it's the stale devices you really have to worry about.
That's the latest from stealth Seattle startup Mobilisafe, which found that more than half (56 percent) of Apple devices at small and medium-sized businesses were running out-of-date firmware, thus possibly compromising company security. Small companies are even more vulnerable to this problem than larger ones because some 80 percent of employees use their personal devices at work, as opposed to approximately 60 percent in larger firms. (That's because small businesses tend to subsidize employee cell phone plans instead of just issuing corporate devices, as big companies would do.)
Said Mobilisafe CEO Giri Sreenivas: “Associated with the high penetration of these devices with the small and mid-sized businesses is a lot of risk, a lot of risk around vulnerabilities, and a lot of risk around devices running out-of-date firmware."
He cited a recent hacker exploitation of the way Apple devices connect to Safari that allowed remote jailbreaking of iPhones, iPads and other devices. If company employees haven't updated the devices with the patch, cybercriminals could be using the vulnerability to run malicious code.
“There were PDFs on the Web that were taking advantage of this exploit, and there were a number of attacks,” Sreenivas told GeekWire. “Corporate data could be leaked off the device to a random server in China or Russia.”
Mobilisafe, founded in 2010 and operating on seed funding, currently is developing a software service designed to help small-firm IT departments manage what's referred to in the industry as the BYOD (bring your own device) trend.
In the past three months, while developing their product, the company has tracked some 40 million mobile device "connections" with a company IT system across a range of industries. (The number is so eye-popping because a single e-mail represents one connection.)
“These small and medium-sized business IT managers are significantly underestimating the number of mobile devices and the kinds of mobile devices that are coming in,” said Sreenivas, a former T-Mobile software architect. “It’s a blind spot, and they’re fully aware of it.”
Other findings: 39 percent of "authenticated devices" were inactive for 30 days or more, meaning that the devices–containing employee credentials and sensitive corporate data–possibly were lost, stolen or misplaced. Motorola, for example, recently announced that refurbished Xoom tablets accidentally were sold with data such as passwords still on the devices.
Bottom line: Take the three minutes now to download security updates for your device. (Bonus points for your multi-tasking if you do it while leaving a comment below...)
Photo credit: Thinkstock