The survey of 107 senior U.S. business executives also found that 90 percent of respondents believe voice interception occurs at least annually, and 85 percent of IT practitioners think voice data security should be a priority along with other common security measures. However, 67 percent lack confidence in their approach.
Only 14 percent deploy security measures when executives travel to areas known for cell interception, particularly the Middle East and Asia Pacific. In addition, 83 percent of respondents do not provide employee training to minimize risk and raise awareness.
What compounds the problem is that 80 percent believe that their organization would remain ignorant to voice interception even after it occurred.
Beware Governments and Organized Crime
Survey respondents cited two main culprits. According to the study, 50 percent indicated that foreign government authorities are likely to intercept their voice data, and 32 percent pointed to criminal organizations.
Ponemon listed six scenarios where data voice thievery could potentially occur:
- Senior management conference calls where cell phones are used.
- Traveling sales staff on the road communicating to the home office.
- Offsite lawyers discussing confidential information via a cell phone to clients.
- Call center employees on cell phones receiving customer data.
- Earnings report discussions with disparate finance and accounting staff.
- A CEO’s assistant making CEO travel arrangements via a cell phone.
The Bluetooth Vulnerability
One way voice data thieves can intercept calls is through Bluetooth headsets, says SearchSecurity.com expert Sherri Davidoff. “Bluetooth devices are especially vulnerable while they are in pairing mode, because to facilitate pairing they exchange sensitive data that can be captured and used to reverse-engineer the device’s PIN,” she stated in a question and answer session.
Read the full interview here, How to prevent mobile phone spying.
In addition, according to SearchSecurity.com’s Nicole A. D’Amour, the GSM standard used by the majority of mobile phone operators was cracked last December, putting many business users at increased risk of voice interception.
Texting Encryption Also Important
Mobile messaging security has also received newfound attention as the healthcare industry begins to embrace short messaging services (SMS). Owing to speed and ease of use, vendors, professionals, organizations, and patients have turned to SMS in lieu of more traditional phone calls. Unfortunately, standard text messages are rarely encrypted and therefore not HIPAA compliant.
Vendors like CellTrust and Squareloop have stepped in to fill the needed gap, offering HIPAA compliant security mobile messaging applications.