Mobile users: Risky behavior and weak security
Researchers found that while an increasing number of consumers use mobile devices for both business and personal activities, large numbers are not familiar with their employer’s corporate policy on the use of mobile devices.
“Devices are no longer just consumer devices or business devices. They are both,” said Richard Power, a CyLab Distinguished Fellow at Carnegie Mellon University, the primary author of a new McAfee report. “Devices are more than extensions of the computing structure, they are extensions of the user. The way users interact with their personal data mirrors the way they want to interact with corporate data.”
Reliance on mobile devices is already significant and accelerating rapidly. In the survey, almost half of organizations are very reliant on mobile devices. Almost seven in 10 organizations are more reliant on mobile devices than they were 12 months ago.
IT is becoming increasingly consumerized and businesses now operate in a heterogeneous mobile environment where BlackBerrys are no longer the standard. The survey found that 63 percent of devices on the network are also used for personal activities.
Key report findings:
Lost and stolen mobile devices are seen as the greatest security concern for IT professionals and end-users – Four in 10 organizations have had mobile devices lost or stolen and half of lost/stolen devices contain business critical data. More than a third of mobile device losses have had a financial impact on the organization and two-thirds of companies that had mobile devices lost/stolen have increased their device security after this loss.
Risky behaviors and weak security postures are commonplace – Although the need for mitigating mobile security risks and threats is acknowledged, fewer than half of device users back up their mobile data more frequently than on a weekly basis. Around half of device users keep passwords, pin codes or credit card details on their mobile devices. One in three users keeps sensitive work-related information on their mobile devices.
There is a serious disconnect between the policy and reality – 95 percent of organizations have policies in place in regard to mobile devices, however, only one in three employees are very aware of their company’s mobile security policies.
“Data loss remains a huge problem for both consumers and businesses,” said Todd Gebhart, executive vice president and general manager, consumer, small business and mobile, McAfee. “Consumers need tools to protect their personal information and businesses need a way to protect their valuable intellectual property. It’s far too easy to leave a mobile device in a cab, or at the airport. This study shows that there is a lot of room for improvement in terms of education and putting the right tools in place to ensure mobile security.”
The complete report is available here.