Report Finds Serious Disconnect Between Businesses and Mobile Users. Half of Lost or Stolen Devices Contain Business Critical Data
In collaboration with Carnegie Mellon University, McAfee today released “Mobility and Security: Dazzling Opportunities, Profound Challenges”, a report focusing on the consumerization of IT and its impact on security.
The report looks at mobility from two perspectives — that of the company’s senior IT professional and that of the end users of mobile devices in the workplace. Researchers found that while an increasing number of consumers use mobile devices for both business and personal activities, large numbers are not familiar with their employer’s corporate policy on the use of mobile devices.
According to the report, 95 percent of organizations have policies in place in regard to mobile devices, yet, only one in three employees are “very aware” of their company’s mobile security policies.
Interestingly, the report reveals that only 22 percent are using location-based technology now, and that 30 percent are not even considering it. “It may provide a loss of privacy to the employee, but increased recoverability of the device to the employer,” said CyLab’s Michael Farb, one of the developers of KeySlinger, a security app for iPhone and Android smartphones. “But the recoverability is only useful if the data on the device has been encrypted and not erased or otherwise compromised by the thief,” Farb added.
“I find it disturbing that only 22 percent are using location now,” Said Martin Griss, director of the CyLab Mobility Research Center. “Banks already know when my credit card is being used in unusual locations or in unusual ways and immediately try to protect me and limit risk–and the exposure that many companies face is significantly greater than misuse of my credit card. While it is not surprising that using context other than location is still in its early stages since most context-aware work is still in the realm of research, simple behavior monitoring to detect abnormal patterns, perhaps combined with location, is feasible today, and can significantly strengthen mobile security.”
Key Report Discoveries:
• Lost and stolen mobile devices a major security threat for IT professionals and end-users – Four in 10 organizations have had mobile devices lost or stolen and half of lost/stolen devices contain business critical data. More than a third of mobile device losses have had a financial impact on the organization and two-thirds of companies that had mobile devices lost/stolen have increased their device security after this loss.
• Employees in the dark on corporate mobile security policies– 95 percent of organizations have policies in place in regard to mobile devices, however, only one in three employees are very aware of their company’s mobile security policies
• Risky behaviors and weak security postures are commonplace – Fewer than half of device users back up their mobile data more frequently than on a weekly basis. Around half of device users keep passwords, pin codes or credit card details on their mobile devices. One in three users keeps sensitive work-related information on their mobile devices.
“Data loss remains a huge problem for both consumers and businesses,” said Todd Gebhart, executive vice president and general manager, consumer, small business and mobile, McAfee. “Consumers need tools to protect their personal information and businesses need a way to protect their valuable intellectual property. It’s far too easy to leave a mobile device in a cab, or at the airport. This study shows that there is a lot of room for improvement in terms of education and putting the right tools in place to ensure mobile security.”
“Devices are no longer just consumer devices or business devices. They are both,” said Richard Power, a CyLab Distinguished Fellow at Carnegie Mellon University, the primary author of the report. “Devices are more than extensions of the computing structure, they are extensions of the user. The way users interact with their personal data mirrors the way they want to interact with corporate data.”
The report based on a survey of more than 1500 information technology and end user respondents from 14 countries and was commissioned by McAfee and produced by Carnegie Mellon’s CyLab. The participants were split between two surveys targeted towards general end-users of mobile devices and senior IT decision makers in companies with 100 or more employees. A full copy of the report is available for download at www.mcafee.com/mobilesecurityreport (Free No Registration Required)
