The 750 IT and security professionals surveyed by Dimensional Research on behalf of Check Point cited significant security concerns about the loss of sensitive information stored on employee mobile devices, including corporate email (79%), customer data (47%) and network login credentials (38%).
The use of personal mobile devices, such as smartphones and tables, is proliferating in the workplace. While businesses are steadily accepting this trend, IT administrators struggle with securing the abundance of devices and operating systems, while also protecting their organization against data loss and the rise in mobile threats, Check Point observed.
A full 94% of respondents said their firm has seen a marked increase in the number of personal mobile devices connecting to the corporate network, with 78% of respondents seeing the number of devices more than double in the last two years.
Apple (30%) and BlackBerry (29%) were the most common types of mobile devices connecting to corporate networks, followed by Android (21%). Nearly half of respondents believe that Android devices pose a larger security risk to the mobile enterprise than other devices.
Personal and corporate-owned mobile devices store and access a variety of sensitive information, including email (79%), customer data (47%) and login credentials (38%) for internal databases or business applications.
A full 62% of respondents believe the lack of security awareness among employees is the greatest factor impacting mobile data – followed by mobile web browsing (61%), insecure Wi-Fi connectivity (59%), lost or stolen devices (58%), and malicious mobile application downloads (57%).
Surprisingly, a full 72% of survey participants said that careless employees pose a greater security risk to the organization than hackers (28%).
“Employee awareness is going to be key for IT professionals moving forward”, said Scott Emo, head of endpoint product marketing at Check Point. “This might mean not just the one security class that employees take when they come into the corporation, but it means ongoing training for employees to increase awareness that these mobile devices have confidential corporate information on them”, Emo told Infosecurity.
Emo recommended that companies put in place policies to ensure that the mobile device has a password securing it, that sensitive content is encrypted, that there is a capability to wipe the device if it is lost or stolen, and that security patches are kept up to date on the devices.
“The consumerization of IT is here to stay. It is a problem that IT professionals have to deal with. It is not going away; it is only increasing. It appears that education is going to be a key over the next few years in minimizing the risk that corporations have from this new way of getting corporate data”, he concluded.