The survey of more than 1,500 people conducted by Vanson Bourne on behalf of McAfee and Carnegie Mellon found that fewer than half of companies report that all of their employees understand their mobile device security policies.
“An interesting aspect of the report was that there is a disconnect between the enterprise policies that are in place or being developed and user awareness of those policies”, said David Goldschlag, vice president of mobile at McAfee.
The survey also found that 4 in 10 organizations have had mobile devices lost or stolen that contained business critical data.
More than one-third of mobile device losses have had a financial impact on the organization, and two-thirds of companies that had mobile devices lost or stolen have increased their device security after the loss. However, one in 10 companies did not implement additional security because of budgetary restrictions.
“The risk to the enterprise [from lost or stolen devices] is that data is compromised. The enterprise needs to protect itself if data is lost from a lost device”, Goldschlag told Infosecurity.
Mobile phone applications also pose a risk for devices used in the corporate setting. Applications infected by malware threaten the security of companies, Goldschlag noted. “The enterprise needs ways to manage the devices and protecting itself from malware on these devices”, he said.
The survey also found that fewer than half of device users back up their mobile data more frequently than on a weekly basis. Around half of device users keep sensitive information, such as passwords, pin codes, and credit card details, on their mobile devices. One in three users keeps sensitive work-related information on their mobile devices.
The survey found that 56% of business executives surveyed used mobile devices in the corporate setting, followed by 47% for sales personnel and others in the mobile workforce. One-third of companies allow employees to use mobile devices.
Four different types of mobile devices are used by at least one-third of employees: laptops, smartphones, removable media (including USBs), and external hard drive.
“The question is how do you use the mobile device and get enough governance over the corporate data on the device, but respect the privacy of the individual and respect the right of the individual to use it for personal use”, Goldschlag said. “What the report recommends is having policies in place, but applying them with a nuanced touch, in appropriate ways based on the vertical that you are in and the role of the employee”, he concluded.
Comments
HongwenZhangWedge says:
31 May 2011
Thanks for the article about corporate mobile security and the issues that keep cropping up. The statistics are staggering to say the least, particularly as we see the incredible growth towards corporate mobile computing. Solutions that can provide deep content inspection to detect embedded attacks across corporate mobile devices should also be implemented. While managerial and IT concerns are certainly valid, they also illustrates the importance of ensuring network layer Data Leakage Prevention (DLP) for corporations with employees on the go, in order to prevent the outflow of user/corporate data. Our company, Wedge Networks (www.wedgenetworks.com) has focused on building such solutions for years, and is leading efforts to prevent the good things from flowing out, and bad things from flowing in.
Note: The majority of comments posted are created by members of the
public. The views expressed are theirs and unless specifically stated are not those
Elsevier Ltd. We are not responsible for any content posted by members of the public
or content of any third party sites that are accessible through this site. Any links
to third party websites from this website do not amount to any endorsement of that
site by the Elsevier Ltd and any use of that site by you is at your own risk. For
further information, please refer to our Terms & Conditions.
Comment on this article
You must be registered and logged in to leave a comment
about this article.