Despite the growing prominence of mobile device use – and the fact that mobile has the potential to be a highly secure platform – businesses and users appear to be cavalier in their attitude toward the application of mobile security in the workplace. New research shows that UK business data is currently at risk as a result of haphazard approaches to keeping mobile devices secure.
Even though users may know that a specific mobile device might not be secure, and despite company security policies in place, many users are not adhering to policy. A high proportion of respondents admitted to losing their device they use for work up to three times in one year, and most are using the simplest form of protection – the PIN lock. The research also shows that business owners who have the most to lose are among the most reckless.
The study identified three types of user approaches to mobile security:
Careful: These users consistently apply basic security approaches to protect the data on their mobile devices (74 percent use a PIN lock and never share it with anyone) and they always think about the security of what they are accessing when at work (40 percent). They are also aware of their company’s mobile IT policy and adhere to it (56 percent).
Cavalier: These users apply basic security approaches to protect the data on their mobile devices, but freely share their PIN lock with colleagues and/or friends and family members (7 percent). They sometimes think about the security of what they are accessing at work (44 percent) and while they are aware that their company has a mobile IT policy, they do not know what it entails (13 percent).
Cantankerous: These users do not apply basic security approaches to protect the data on their mobile devices (19 percent do not use a PIN lock at all) and they rarely or never think about the security of what they are accessing when at work (17 percent). And, while they are aware of their company’s mobile IT policy, they do not adhere to it (13 percent).
Personal Devices Are On The Rise
52 percent of respondents bring their own mobile device into work and use it for work purposes with 71 percent of 16- to 24-year-olds using their personal mobile at work. This poses a challenge to IT departments that are struggling to put policies and procedures in place to protect corporate data – in particular, when individuals increasingly want the ability to use any device in the corporate environment.
The younger generation is more savvy when it comes to security, but more careless with their mobile devices. 76 percent of 16- to 24-year-olds use a password for business-specific apps compared to 58 percent of users 55 years old or older. 27 percent of 25- to 34-year-olds are likely to know if their mobile device had been hacked versus just 17 percent of 55 plus-year-old or older. However, 37 percent of 16- to 24-year-olds admitted to losing a mobile device up to three times a year.
The majority of users are applying only the most basic of security precautions. 81 percent use a PIN lock alone to secure the data on their mobile phones. However, among users 45 or older, 36 percent stated that they did not use a PIN lock at all.
Basic Password Protection Still Reigns
74 percent are using the simplest form of password to access their business apps, while the use of more sophisticated approaches – such as encryption, voice recognition and face scanner – are low. People are still concerned about encryption because they think that it will be difficult to get their data back. However, we do not think about security much at work. 60 percent of users think about security sometimes, rarely or never when they are working. Alarmingly, 22 percent of business owners think about security rarely or never.
Not Adhering To Mobile Security Policies
The report shows that organisations are increasingly challenged when it comes to properly authenticating both employee-owned and company-issued mobile devices that access corporate systems, data and customer accounts. Businesses however should not let poor user practice get in the way. Organisations need to encourage users to be vigilant, even suspicious, to help keep the mobile environment from becoming a point of entry into corporate networks. Companies should seek to put best practice guidelines in place to turn their cantankerous and cavalier users into careful users.