Not only are federal employees using personal devices to access potentially sensitive government data, a significant number of them engage in behaviors that could put the device and, in turn, the data it contains or accesses at risk, according to a survey of 1,000 federal workers.
The survey, conducted by Lookout, found this includes behaviors such as rooting, jailbreaking, and side loading applications, which involves installing applications from places other than official app stores, such as websites or links in email.
Almost a quarter (24 percent) of federal employees send work documents to personal email accounts, and half use their personal devices for work email. Also, 17 percent store work-related documents on personal file sharing apps.
"I have to say, I wasn't terribly surprised by the way federal employees are using their mobile devices to access and store government data. That's just the new way of working," Bob Stevens, vice president of federal systems at Lookout, told eWEEK. "I would be more surprised if we had learned that federal employees weren't doing these things." Stevens did say he was surprised by findings that indicate that federal employees are rather sophisticated in their use of mobile technology."
For example, 7 percent have rooted or jailbroken their devices. It's more than double for those with government-issued devices, which really does shock me," he said. "I'm sure there are rules or possibly even technologies in place, like mobile device management, to prevent these employees from doing this, but they of course still find ways around it."
Eighteen percent of federal employees with smartphones (personal or government-issued) report encountering malicious software. Of those, 19 percent were Android users and 14 percent iPhone users.
In addition, nearly 40 percent of employees at agencies with rules prohibiting personal smartphone use at work say the rules have little to no impact on their behavior.
"Unless federal IT and security leaders start moving at the pace of technology and user behavior, shadow IT issues will continue to get worse," Stevens said. "This report underscores that federal agencies can no longer afford to be late to implement formalized and secure BYOD programs."
Nearly half (49 percent) of federal employees have no security app or solution installed on the mobile devices they use at or bring to work, and 13 percent of them use these unsecured devices for reading or downloading work-related documents.
"The key to enabling mobility without sacrificing security is making sure that your approach to security is aligned with a consumer-oriented user experience. Mobile devices are becoming the predominant productivity tool because of the user experience -- they’re beautiful, simple to use and go with you everywhere," Stevens said. "Traditional approaches to mobile security, however, have locked down devices instead of enabling productivity. When addressing mobile security, I urge agencies to embrace the consumerization of IT and avoid hampering the user experience."