Security Experts:

NYU-Poly Study Highlights Disconnect Between BYOD and Mobile Protection

A recent study by AT&T and the Polytechnic Institute of New York University (NYU-Poly) has discovered that while a majority of small businesses allow the use of mobile devices (phones and tablets), very few of them are taking any proactive measures when it comes to device security.

The study focused on 623 small business owners and employees who responded to an online survey in September. According to the results, 90% of the respondents allow employee access to company email via mobile devices, and 41% allow access to company data (files). Moreover, 83% of them allow personal devices to be used for work.

However, only 65% expressed concern when it came to information and data security of wireless devices, and less than 29% of the respondents confirmed that AV was being used on smartphones in the office. In addition, while 82% of the respondents have taken steps to protect laptops, only 32% are protecting smartphones (AV, and other MDM protection), and only 39% are protecting tablets. Of the majority not taking steps to protect these mobile devices, fewer than half (42%) have plans to increase security.

"There is a troubling disconnect between business owners who want to keep data safe and the necessary steps to protect it," said Ed Amoroso, Chief Security Officer, AT&T.

"With more employees using mobile devices, especially personal devices, business data is increasingly vulnerable to cyber threats. Protecting critical information can be easy and affordable, and small businesses need to recognize the reality of today's environment...”

In addition to mobile security questions, the survey also asked business owners whether their business had experienced a cyber or online security incident. Nearly four in 10 (37%) reported being the victim of a security breach, such as a virus, mobile malware or phishing, with 21 percent being victimized within the last two years.

"Small businesses need to better understand their risk profile," said Nair Memon, Professor of Computer Science and Engineering and founding director of The Center for Interdisciplinary Studies in Security and Privacy (CRISSP) at NYU-Poly.

"This means treating every device that touches your network, from laptops to smartphones, as vulnerabilities and ensuring that security is built into the equation at every level."

Additional findings from the study can be found here.

Related: Free 14 Day Trial - Eliminate Mobile Device Risks with Mobilisafe From Rapid7

view counter
Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.