Organizations are increasingly becoming dependent on mobile devices, but they face big security challenges as lost or stolen devices compromise sensitive data
Mobile devices are
increasingly becoming a key security risk for enterprises as employees access
sensitive company information using smartphones, tablets, laptops and netbooks.
However, most employees are not thinking enough about protecting corporate data
when using these devices, a recent survey shows.
One in three employees polled
kept sensitive work-related information on their mobile devices, according to a
report published May 24 by McAfee and Carnegie Mellon University. Even though
95 percent of companies have mobile-security policies in place to protect
enterprise data, two-thirds of employees were not aware of their organizations'
policies, the survey found. Most of the companies reported their employees do
not understand how permissions and other access settings on their mobile
The mobile device problem
goes both ways. While many employees use their personal devices to handle
work-related tasks, such as accessing corporate email and viewing documents,
nearly 63 percent of work-issued mobile devices were being used by employees
for personal activities, the report found.
"Devices are no longer just
consumer devices or business devices. They are both," said Richard Power, a
CyLab Distinguished Fellow at Carnegie Mellon University and the primary author
of the report.
The survey found that 72
percent of devices used for work were laptops
and 48 percent were smartphones. Just 10 percent of devices used by the
respondents were tablets. Almost half of organizations said they were very
reliant on mobile devices and 70 percent claimed to be even more reliant than
they were 12 months ago.
BlackBerries are no longer the
enterprise standard as businesses now operate in a "heterogeneous mobile
environment," the report said.
The biggest mobile security
concern for organizations was the fact that sensitive data was getting
compromised when these devices were lost or stolen. About 40 percent of the companies
participating in the survey have experienced the loss or theft of mobile
devices and nearly half of those devices contained "business-critical data."
Over 33 percent of those
devices had a "financial impact" on the organization. The exposed sensitive
data included user data such as contacts, phone logs, email, documents and text
messages, and other data such as customer information, corporate intellectual
property, financial documents and employment records.
"Data loss remains a huge problem
for both consumers and businesses," said Todd Gebhart, executive vice
president and general manager of the consumer, small business and mobile group
The study found that
organizations are considering using location-based technology to track down
lost devices. "It may provide a loss of privacy to the employee, but the
increased recoverability of the device to the user," CyLab's Michael Farb said
in the report.
Considering that banks can
tell when someone is using a credit card in unusual locations and can take
steps immediately, researchers were surprised that companies aren't using
similar location-aware products to protect their data. Behavior monitoring
combined with location can "significantly" strengthen mobile security.
"I find it disturbing that
only 22 percent are using location now and that 30 percent are not even
considering it," Martin Griss, director of the CyLab Mobility Research Center,
said in the report.
Risky behavior and weak
security measures are commonplace, said the report. Companies were concerned
those mobile devices may introduce malware onto the network or that employees
might share sensitive data in unauthorized ways. Fewer than half of users back
up their mobile data more than once a week, and nearly half of the users store
passwords, pin codes or credit card details on their mobile devices. One in
three stored sensitive work-related information on their mobile devices, the
Businesses need to be savvy
about the risks involved with enterprise mobile use, set more nuanced policies,
and provide increased education for employees so that they understand policies
and why they are in place, the researchers concluded.
Over 1,500 individuals from
14 countries were included in the "Mobility
and Security: Dazzling Opportunities, Profound Challenges
" survey. The
report focused on the consumerization of IT and its impact on security by
looking at two perspectives, that of a senior IT executive in companies with
more than 100 employees and of the general "end users" with mobile devices in