Christmas MP3 players pose serious corporate security risks


Companies need to take steps to protect themselves from “very serious security threats” which will be posed by MP3 players received as Christmas presents being brought into workplaces next year, security experts warned.

With top-end MP3 players able to store as much as an average laptop, businesses and consumers must watch out after Christmas as staff begin connecting these devices to corporate networks in unprecedented numbers, according to Pointsec Mobile Technologies.

The security vendor pointed out that the average MP3 player with 256MB of storage capacity will now cost just £20 and at the top end, a 60GB Apple iPod Video player, which can store 12 million pages of text, can be bought for £300. It is feared that as these devices become commonplace, users will soon discover that they they make excellent storage devices for carrying around potentially sensitive corporate data.

"While MP3s are aimed at the consumer market for entertainment, more companies have consulted us over security fears that their otherwise strong security chain could be weakened by a surge in security breaches resulting from staff using MP3 players at work," said Martin Allen, managing director of Pointsec.

"Some users see them as ideal for carrying corporate information, which can be very sensitive and valuable, and if lost or stolen can have serious ramifications to a company, such as customers personal details and accounts getting into a competitors hands, R & D plans being exploited by an opportunist or passwords and PIN numbers being obtained by a hacker. The company could also be liable for contravening the [U.K.'s] Data Protection Act."

If exposed, all of these scenarios could cost a company its reputation, affect its share price, knock customer confidence - and in the worst case - cause it to close down, said Allen.

As MP3 players are still seen very much as entertainment devices, disgruntled staff or employees who are leaving can also use them to download customer databases and other valuable or competitive information without causing any suspicion, Pointsec warned.

Allen added that companies should also be wary of the risks of staff uploading data, music and videos onto the corporate network which could introduce viruses, worms, Trojans and cause copyright infringement.

Pointsec suggests that, regardless of the type of storage device, if it is being used within the corporate environment to store data and it leaves the organization, it must be encrypted.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.