The survey of more than 1,500 people conducted by Vanson Bourne on behalf of McAfee and Carnegie Mellon found that fewer than half of companies report that all of their employees understand their mobile device security policies.
“An interesting aspect of the report was that there is a disconnect between the enterprise policies that are in place or being developed and user awareness of those policies”, said David Goldschlag, vice president of mobile at McAfee.
The survey also found that 4 in 10 organizations have had mobile devices lost or stolen that contained business critical data.
More than one-third of mobile device losses have had a financial impact on the organization, and two-thirds of companies that had mobile devices lost or stolen have increased their device security after the loss. However, one in 10 companies did not implement additional security because of budgetary restrictions.
“The risk to the enterprise [from lost or stolen devices] is that data is compromised. The enterprise needs to protect itself if data is lost from a lost device”, Goldschlag told Infosecurity.
Mobile phone applications also pose a risk for devices used in the corporate setting. Applications infected by malware threaten the security of companies, Goldschlag noted. “The enterprise needs ways to manage the devices and protecting itself from malware on these devices”, he said.
The survey also found that fewer than half of device users back up their mobile data more frequently than on a weekly basis. Around half of device users keep sensitive information, such as passwords, pin codes, and credit card details, on their mobile devices. One in three users keeps sensitive work-related information on their mobile devices.
The survey found that 56% of business executives surveyed used mobile devices in the corporate setting, followed by 47% for sales personnel and others in the mobile workforce. One-third of companies allow employees to use mobile devices.
Four different types of mobile devices are used by at least one-third of employees: laptops, smartphones, removable media (including USBs), and external hard drive.
“The question is how do you use the mobile device and get enough governance over the corporate data on the device, but respect the privacy of the individual and respect the right of the individual to use it for personal use”, Goldschlag said. “What the report recommends is having policies in place, but applying them with a nuanced touch, in appropriate ways based on the vertical that you are in and the role of the employee”, he concluded.