Stolen or lost devices and the risks of remote working
44 percent of organizations believe a member of their senior management has lost a mobile device in the last year, whilst 39 percent say senior management had a device stolen.
Vanson Bourne conducted the survey of 500 IT decision makers in the UK and Germany to uncover the risks of remote working and inquire into the security measures organizations have in place. The findings also raised concerns over non-senior management employees, with 54 percent of organizations saying a non-senior management employee lost a device, and 49 percent reported a device stolen within the past year.
The vast majority (93 percent) of these devices contained work related data, including confidential emails (49 percent), confidential files or documents (38 percent), customer data (24 percent) and financial data (15 percent).
Despite the risks, organizations are failing to put in place basic security rules: of those organizations who have, or plan to implement, a remote working or security policy, nearly a third (32 percent) do not specify that devices taken outside the office must be protected with either encryption or passwords. And a quarter (25 percent) does not specify that digital files taken outside the office must be protected with either encryption or passwords.
With over a third of organizations reporting that a device has been lost or stolen in the past six months, the ramifications can be serious. Thirty seven percent of respondents were aware of someone in their organisation having faced disciplinary action due to lost files or work data, and 32 percent were aware of an employee having lost their job as a result within the last year.
However, companies are still failing to control how data leaves the office, with nearly half (48 percent) admitting that they cannot keep track of how employees take data with them, and 54 percent saying that data could be more adequately secured.
“Even amidst continued warnings about data security, and with data breaches making headlines on an almost daily basis, organizations are still not able to secure their intellectual property. The benefits of encryption and password protection are not new, but businesses are simply not enforcing basic security practices,” said Nicholas Banks, Vice President EMEA and APAC, IronKey.
“What’s more, businesses are aware of employees breaking their organization’s security rules to take work outside of the office (67 percent), yet they are doing nothing to address the issue. These responses highlight a careless attitude toward company devices and data. Employees, including senior management, appear to be unaware of the full impact of data loss, and it is exactly those senior level execs that employees are looking to for education, and action, to prevent sensitive data falling into the wrong hands. Organizations have a duty to secure corporate information and the devices on which it is stored,” Banks added.