The company spoke with 2,800 college students and young professionals from more than 14 countries and found that familiarity with mobile devices and living your life online does not lead to greater caution. Quite the opposite. The survey found:

• Thirty-three percent of young people do not mind sharing personal information online, believe privacy boundaries are loosening, or do not think about privacy.
• Fifty-six percent said they have allowed others to use their computers without supervision — family, friends, coworkers and even strangers.
• Sixteen percent admitted leaving personal belongings and devices unattended in public while getting something to eat or drink or going to the restroom.
• Sixty-one percent believe they are not responsible for protecting information and devices, saying that this is IT’s responsibility.
• Of those who were aware of IT policies, 70 percent admitted to breaking them. The most common reason was the belief that employees were not doing anything wrong (33 percent), followed by the need to access unauthorized programs and applications to get their job done (22 percent).
• Thirty-six percent said they did not respect their IT departments.

Perhaps unsurprisingly given this generally lax attitude toward security and privacy, one in four young people will experience identity theft before the age of 30, according to the Cisco study.

Clearly, these numbers indicate there is some failure of communication between young, mobile, tech-savvy workers who were raised online and IT departments. The result is that many members of Gen Y fail to understand what positive role IT can play in organizations (besides that of killjoy sheriff) as well as fail to see the need for more care when it comes to their and their companies’ data.

Who has to change here: cavalier Gen Y, uncommunicative IT or both?

Image courtesy of Flickr user Lee J Haywood

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• Connected world: the consumer technology revolution
• The rise of tablets in the enterprise
• The new IT manager, part 1

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• Connected world: the consumer technology revolution
• Survey: the next wave of enterprise mobility
• New challenges for the IT organization

On the BlackBerry, WatchDox users can render PDF and Microsoft Office. It offers features allowing users to:

• Share and view documents securely on BlackBerry devices.
• Restrict shared documents from being copied, printed or forwarded.
• Eliminate documents remotely, if needed.

The company also announced updates to its Apple iOS app, including:

• Document sync. Users can securely sync their online documents or their virtual data room folders through the secure app versus less secure consumer-grade syncing methods.
• Passcode protection. In case of device loss or theft, a passcode provides an additional layer of security against information leaks.
• Performance enhancements. Access to documents should be speedier.

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• Connected world: the consumer technology revolution
• Tablet market to hit over 377 million units by 2016
• CES 2012: a recap and analysis

• Web workers are more vulnerable to “social engineering” attacks. In an office, “you can pretend that you’re a bike courier or FedEx guy, but you still have to get past the security guard, receptionist, and so on,” explains Steven Chan, chief software architect with MIT’s engineering systems division.
• Office network security usually beats home network security.
• Loss or theft of devices is a bigger threat for mobile workers.
• Greater employee control over which devices they use can for work can create security concerns.

Still, the payoffs of web work are high and there are sensible steps organizations can take to minimize these risks. The experts at MIT also offer these recommendations:

• Limit the threat from lost or stolen devices through encryption and tracking. “For thorough security, the entire hard drive should be encrypted and should be accessible only through strong passwords—Microsoft recommends passwords of at least 14 characters, some of which are letters, numbers, and symbols. Furthermore, tracking software can be used to locate a lost laptop, phone, or tablet and remotely wipe it clean of data,” says MIT.
• Decide who needs access to what. Review often. MIT’s Chan suggests “credentialing, which means employees should get access only to the information they require for their work.” And don’t just set these permissions and forget about them. “Security isn’t something companies dust off and adjust once a year,” agrees CTO Edge in another recent piece on telecommuting and security.
• Servers should be vigilant too. “Have servers in a network identify and authenticate all devices attempting to gain access,” suggests MIT. “In a step known as device fingerprinting, the network can try to distinguish a legitimate remote employee from a rogue hacker by looking at the IP address, device serial numbers, and other settings on the user’s computer. If an unfamiliar device attempts to access the network… either entry is denied or the request is evaluated after further authentication (by a phone call to the user, for instance).”

While there are some risks, working remotely can also offer security advantages, according to some experts. For instance, locating files in the cloud, which is increasingly common practices for dispersed teams, means that “there are no files on a physical laptop which could get lost or hacked into,” InfoStreet CEO Siamak Farah has previously told WebWorkerDaily.

Is your team taking all sensible measures to keep your data secure despite being physically dispersed?

Photo courtesy Flickr user Trevor Blake

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• The Future of Work Platforms: An Overview
• Strategic Implications of the Microsoft/Skype Deal
• The Future of Workplaces

The post notes that anomalies in server traffic led the company to suspect its database has been accessed and take appropriate precautions, although it cannot be sure at this point in time. It also points out that the data accessed alone should not be enough to expose an affected user’s stored passwords. To get those, an attacker would also need the user’s master password, which is only really a risk if that password is easy  to guess using a brute force attack. Users with strong, non-dictionary-based master passwords should be relatively safe, although as some users don’t use particularly strong mater passwords, the company has elected to force all of its users to change their master passwords. In addition, the company will be validating users changing their passwords by either checking that the user is visiting from a previously-used IP block, or by validating against their email address.

As a result of the potential breach, LastPass is also beefing up the encryption it uses:

We’re also taking this as an opportunity to roll out something we’ve been planning for a while: PBKDF2 using SHA-256 on the server with a 256-bit salt utilizing 100,000 rounds. We’ll be rolling out a second implementation of it with the client too.

This potential breach is a reminder that storing your passwords with a third party like LastPass or competitor 1Password is risky. Their data is obviously a very attractive target for hackers, despite their encryption and robust security arrangements. But you have to weigh that risk against the convenience they offer: Using a password management tool makes it much easier to have a strong, unique password on every service you use. That’s much more secure than using the same password everywhere, which makes large security breaches, such as the recent PlayStation Network hack  or last year’s Gawker hack, so damaging, as attackers can gain access to wide range of different services with a single password. However, if you’re concerned about storing your passwords in a cloud service, you could always elect use a desktop password management tool like that stores your passwords in a local database like KeePassX instead; the downside is not being able to retrieve passwords everywhere. Whatever password management tool you choose, ensure you pick out a strong master password that’s not going to be easy to crack via a brute force attack.

Photo courtesy Flickr user subcircle

Related research and analysis from GigaOM Pro:
Subscriber content. Sign up for a free trial.

• The Future of Work Platforms: An Overview
• Connected Consumer Q1: The Over-the-Top vs. Pay TV Battle Heats Up

However, with this change comes a new set of challenges for the modern workforce. When do you switch between personal time and work? How do you ensure that you remain productive and motivated? How do you cope with the onset of cabin fever? What are the security issues?

Security

Let’s start with the issue that strikes fear into the IT manager’s heart: security. A recent study conducted by Vanson Bourne and TNS discovered that almost nine in 10 UK IT managers fear the security risks caused by remote working practices. As laptops/smartphones/tablets holding company data venture beyond the office walls, this concern is hardly surprising. Add to this the fact that employees may take paperwork and USB sticks home to access the information they need and you can understand why management and IT teams worldwide break into a cold sweat at the mention of remote working. Intel’s Billion Dollar Lost Laptop Study revealed that 329 U.S. businesses had collectively lost more than 86,000 laptops, worth $2.1 billion. For freelancers, the cost of losing their laptop or smartphone is not just the cost of replacing the device but the loss of trust from clients, which can be devastating.

So what can be done? To keep information on devices safe, there are numerous options: hard disk encryption, data back-up, and security tools that wipe and kill a laptop if stolen. Intel and Fujitsu are just two vendors that have such offerings. Another option, which avoids people needing to carry around USB sticks or notepads, is using the cloud. There are now a number applications out there, including Huddle, which enable content to be stored in secure environments that can be accessed from anywhere at any time , with no VPN access or USB stick required. Gone are the days of the sheepish confession: “I left it on the train/put it in the wash /dropped it in the restaurant” and all the data protection and legal issues that can come with it.

Working Long Hours

With 24/7 access to information comes the challenge of switching off.  Most web workers will have been there: the last check of emails before heading to bed, working over the weekend because you only have to travel as far as your sofa, developing that great idea that popped into your head at midnight because you only have to switch on your laptop. The solution is discipline. One of the beauties of web working is the fact that you can work when it’s convenient for you, but this doesn’t mean you should be working all hours. As pointed out by Simon last year: long hours aren’t healthy. Get a personal trainer or start going to gym classes to break up the day and force you to stop working. Don’t forget to take a proper lunch hour and get out into the fresh air. Arrange to see people and get out of your home office. These may sound like simple tips, but it’s all too easy to get into the routine of continually working.

Cabin Fever

A related issue is cabin fever. Especially if you’re a freelancer or entrepreneur, you can get caught up in your own web worker bubble and forget about the world beyond your home office. My tip is to use tools such as Plancast to find out what events and meet-ups are in your local area. Whether you want to meet like-minded people, build your network or just go out for a few drinks, Plancast is a great place to get started. When I relocated to San Francisco last year to set up a U.S. team, it proved invaluable.

If you’re a remote worker for an organization, make sure that you don’t miss out on vital interactions with your colleagues. Use tools such as Skype to share the snippets of information that you’d normally communicate via face-to-face chats or in passing in the corridor. When there is a company-wide meeting, make sure that you are included via phone, web or video conference so that you have visibility of what’s going on across the business. You are part of the bigger picture, even though you’re not in the office all day, every day.

These tips aren’t rocket science, but hopefully they can help you cope with being part of the 21^st century workforce.

Andy McLoughlin, Co-founder and EVP Strategy at Huddle, can be reached on Twitter @Bandrew.

Photo courtesy stock.xchng user rajsun22

Related content from GigaOM Pro (sub. req.):

• The Future of Work Platforms: An Overview
• How to Manage Consumer-Grade Collaborative Tools in the Workplace
• Top Remote Work Trends to Watch for in 2011

To set up the iTwin, insert the device (with both halves still attached) into a Windows machine. You’ll be prompted to install the software, and to register an email address you can use to disable the device if it gets lost. The two halves are then “paired,” so that they work together to create a connection between computers using 256-bit AES encryption.

You will be able to access one machine from the other, but only if both pieces of the device are installed. For additional security, you can also create a password on the iTwin.

You can leave one half of the device in your office machine, and insert the other into, say, a laptop. You’ll be able to access, move, copy and back up files. You can edit remote files directly, or copy files by dragging and dropping them.

Both iTwin and Pogoplug allow you to connect to your own files remotely without monthly fees, and without using cloud storage. But Pogoplug connects to an external hard drive and makes it available remotely, while iTwin allows you to connect to your entire computer and network. Of course, in order to access a particular machine, you’ll need to leave it on and connected to the Internet.

Of course, there are some security issues to be considered. While iTwin provides a couple of ways to disable the connection if one half gets lost, it might take a while before the loss is noticed. And the connection is bi-directional, so if someone entered your office, they could access your laptop. Frankly, it’s an open question whether the security of this system is better or worse than a software-only solution with strong passwords.

I wasn’t able to fully test the system, since iTwin only works with Windows machines at present, although the developers say a Mac version is in the works. I’ll be interested to see how speedy and stable the system is in actual use, and how well it interacts with Windows’ sleep mode.

iTwin retails for $99 on the developer’s website.

How do you connect with your files while you’re on the road?

Related content from GigaOM Pro (sub. req.):

• Enabling the Web Work Revolution
• Report: The Real-Time Enterprise
• Who Owns Your Data in the Cloud?

WatchDox is one solution. It’s document management and security application that lets you control, track and protect your digital documents. Confidela — the maker of WatchDox — just announced that its software is now available on iOS devices as a native app. WatchDox’s web-based secure document platform is built using Flash, and while it has been available on Android devices for a while, the use of Flash  has kept it off of the iPhone and iPad until now.

While you can’t generate secure digital documents from your iOS device, you can open and read documents that have been secured using WatchDox. With a subscription, you can use the website’s tools to secure your documents, including authenticating users and restricting the forwarding, copying or printing of those documents. You can track activity on a document, including who opened it, what they did with it, and even if they accessed it from their iPhone or iPad. You can also watermark your digital documents, or put in a “time bomb” to limit the duration any user can view it.

Note: The application was still pending approval from the App Store at press time. You can read more from our previous coverage of WatchDox at:

• WatchDox Makes Document Security Simple
• WatchDox Goes Pro and Pay
• WatchDox Bringing Document Security to Android Devices

How do you manage mobile document security?

Related content from GigaOM Pro (sub. req.):

• Are You Empowering Your Mobile Workforce?
• Report: The Real-Time Enterprise
• How to Manage Consumer-Grade Collaborative Tools in the Workplace

Users have the option of indicating that they are using a computer that they trust, which means that they won’t be asked for the verification code in the future from that machine for 30 days.

Google believes that this two-step authentication process, which might seem familiar to users of certain online banking websites, should make Google Apps much more secure; even if  a hacker steals a user’s password, they won’t be able to access the account.

The technology used to implement this system is based on open standards; Google hopes it will allow for integration with other vendors’ authentication technologies in the future. Google is also making the code for the mobile apps open-source so that its customers can customize them.

Administrators for Google Apps Premier, Education and Government Editions can activate two-step verification from the Admin Control Panel now; the mobile apps are available today. Standard Edition customers will be able to access it “in the months ahead.” Google is also planning on making the technology available for individual Google users.

Related GigaOM Pro content (sub. req.): Who Owns Your Data in the Cloud?

I initially wrote about Watchdox when it first launched and then again when it discontinued its free service and went pro. Since that time, the company has:

• Added an Outlook plug-in to give you easy access to security and management features for documents you share with others.
• Offered an offline MS Office PDF plug-in so you’re not locked into the browser-based viewer (both parties need to download the plug-in). This feature allows document collaboration.
• Opened up APIs to developers, which means that you can integrate WatchDox functionality into other systems you’re using, including Sharepoint and Salesforce.
• And, as of today, the company is rolling out mobile device support.

Some examples the company cites as ways to use WatchDox include protecting any proprietary IP and distributing e-books, training documents and other subscription-based or paid materials that you offer electronically. Graphic designers can send drafts or spec work with added WatchDox security protection so that their designs cannot be seen by anyone but the recipient. Consultants can share proprietary reports, proposals, pricing and invoices.

The individual price for WatchDox is $49.95/month.

What are you using to protect and manage the documents you distribute electronically?

Related GigaOM Pro content (sub. req.): Report: The Real-Time Enterprise