Cavalier and cantankerous attitudes to mobile security is putting UK business data at risk
Despite the growing prominence of mobile device use and the fact that mobile has the potential to be a highly secure platform, businesses and users appear to be cavalier in their attitude toward the application of mobile security in the workplace, a new study claims.
New research from Entrust, a provider of security solutions, shows that UK business data is currently at risk as a result of haphazard approaches to keeping mobile devices secure. The study, ‘Risky Business: The State of Mobile Security in the UK', identified three types of user approaches to mobile security, which are labelled: Careful; Cavalier; and Cantankerous.
Careful users consistently apply basic security approaches to protect the data on their mobile devices (74% use a PIN lock and never share it with anyone) and they always think about the security of what they are accessing when at work (40%). They are also aware of their company's mobile IT policy and adhere to it (56%).
Cavalier users apply basic security approaches to protect the data on their mobile devices, but freely share their PIN lock with colleagues and friends and family members (7%). They sometimes think about the security of what they are accessing at work (44%) and while they are aware that their company has a mobile IT policy, they do not know what it entails (13%).
Cantankerous users do not apply basic security approaches to protect the data on their mobile devices (19% do not use a PIN lock at all) and they rarely or never think about the security of what they are accessing when at work (17%). And, while they are aware of their company's mobile IT policy, they do not adhere to it (13%).
'Even though users may know that a specific mobile device might not be secure, and despite company security policies in place, many users are not adhering to policy,' said Mark Reeves, vice president, international, Entrust. 'A high proportion of respondents admitted to losing their device they use for work up to three times in one year, and most are only using the simplest form of protection, the PIN lock. Our research also shows that business owners who have the most to lose are among the most reckless.'
Devices in the workplace are on the rise, with 52% of respondents bringing their own mobile device into work and using it for work purposes. Altogether, 71% of 16 to 24 year olds are using their personal mobile at work. This poses a challenge to IT departments that are struggling to put policies and procedures in place to protect corporate data, in particular, when individuals increasingly want the ability to use any device in the corporate environment.
The younger generation is more savvy when it comes to security, but more careless with their mobile devices; 76% of 16 to 24 year olds use a password for business-specific apps compared to 58% of users 55 years old or older. Meanwhile, 27% of 25 to 34 year olds are likely to know if their mobile device had been hacked versus just 17% of users 55 years of age or older. However, 37% of 16 to 24 year-olds admitted to losing a mobile device up to three times a year.
The majority of users are applying only the most basic of security precautions with 81% using a PIN lock alone to secure the data on their mobile phones. However, among users 45 or older, 36% stated that they did not use a PIN lock at all.
When it comes to securing business apps on the mobile, basic password protection still reigns despite more sophisticated and secure approaches; 74% are using the simplest form of password to access their business apps, while the use of more sophisticated approaches, such as encryption, voice recognition and face scanner, are low. People are still concerned about encryption because they think that it will be difficult to get their data back.
Only 60% of users think about security sometimes, rarely or never when they are working. Alarmingly, 22% of business owners think about security rarely or never. However, despite knowing that their company has an IT policy for mobile devices, 28% admit to not adhering to the policy or not being aware of the details.
'The report shows that organisations are increasingly challenged when it comes to properly authenticating both employee-owned and company-issued mobile devices that access corporate systems, data and customer accounts,' said Reeves. 'Businesses, however, should not let poor user practice get in the way. Organisations need to encourage users to be vigilant, even suspicious, to help keep the mobile environment from becoming a point of entry into corporate networks. Companies should seek to put best practice guidelines in place to turn their cantankerous and cavalier users into careful users.'
