University of South Carolina

Connectivity and Hacking: Are we safe?

New USC research study examines susceptibility of hacking attacks on college students, potential impact on employers

By Ryal Curtis, rcurtis@mailbox.sc.edu, 803-777-6491  

Next year, half of all employees working for medium-to-large-sized businesses in the U.S. will use a personal connected device from inside the workplace. According to University of South Carolina researchers Mark Harris and Karen Patten, those personal devices could put companies at serious risk, vulnerable to sophisticated, evolving and costly attacks of the cyber form – better known as hacking.  

“Think hospitals, banks, any brick and mortar enterprise where private data lives online,” said Harris. “If an organization hasn’t taken the proper steps to prevent data hacking with these personal devices such as smartphones or tablets, their employees and their company data could be susceptible to cyber attacks.”

Harris and Patten recently set out to answer an increasingly urgent question: are college students, those soon-to-be employees, properly securing their connected devices? Answering “no,” according Patten, an assistant professor in the program for Integrated Information Technology, would further validate earlier research showing companies are more at risk as employees bring their devices into the workplace.

Is tomorrow’s workforce more susceptible to hacking?

Harris and Patten surveyed more than a hundred USC students as a test sample to evaluate how much, if at all, the current generation of college students is properly securing their personal, connected devices. The research also compared IT and non-IT students to see which group was better at securing their personal technologies. 

Research findings, according to Harris, were what they expected for equipment and usage, but surprising in terms of how little both groups of students protect their personal technologies. 

As expected, almost all of the students owned a smartphone and/or tablet, and most regularly access Wi-Fi with the devices in public places. But these same students appear to be growing target for hackers. A majority reported not using anti-virus software or requiring credentials for accessing their personal devices – something as simple as creating a password to get into their smartphone, tablet or computer.

Some students even admitted to “jail-breaking” their devices, the all-too-common process of manually removing limitations on hardware imposed by product manufacturers. “When jail-breaking occurs,” said Harris, “the risk of being hacked goes way up. And, of course, this kind of thing isn’t exclusive to college students.”

On average, the IT students rated just above the non-IT students in properly securing their connected devices, with both groups having room for improvement. And, of all the students surveyed, almost everyone planned on taking their device into the workplace – if they weren’t already.

“Our research showed us that students fail to adequately protect their devices,” said Patten. “I wouldn’t be surprised to see similar feedback for this generation of college students at other schools around the country. It’s a sign of the times we live in.”

The hacking risk to future employers

Patten and Harris agree that organizations must account for unsecure personal devices. That can be costly for employers, sometimes up to more than $300 per device in the workplace. 

“There are different options at different cost structures,” said Harris. “Companies need to pay close attention to the technologies coming into their workplace as well as the policies in place to protect employees and the organization against hacking threats.” 

Future research for Harris and Patten will compare past research data against a new test sample of both IT professionals and also small and medium-sized enterprise business owners and employees. Harris is also working to develop a new course at the university that instructs students on how to protect personal connected devices and the related evolving cyber threats to consumers and business enterprises. 

“Technology is great,” said Patten. “But with each advance comes a new opportunity for hackers. This problem isn’t going away anytime soon.“

News and Internal Communications

Posted: 12/07/12 @ 12:00 AM | Updated: 12/07/12 @ 5:13 PM | Permalink