Third of companies say they have experienced a data loss or breach as a direct result of mobile working
A lack of rigor and consistency when it comes to protecting data poses significant security risks, as 70% of IT decision makers agreed that securing corporate data is an ongoing battle, and that mobile workers are increasing the risk.
According to a study conducted by Vanson Bourne for Apricorn, a manufacturer of software-free, hardware-encrypted USB drives, around a third (29%) of surveyed organisations have already experienced either a data loss or breach as a direct result of mobile working. A significant proportion, as many as 44%, also expect that mobile workers will expose their organisation to the risk of a data breach.
Underlining this concern, almost half (48%) of the surveyed companies say employees are one of their biggest security risks. The survey results show that mobile working is a major problem as companies are still uncertain how to enforce adequate security policies, and many have no viable strategies in place.
As mobile devices extend the boundary of the corporate network, ensuring confidentiality, integrity and availability of the data that the devices access, process and store is a constant challenge. Altogether, 53% of surveyed companies said that managing all of the technology that employees need and use for mobile working is too complex, while 35% complain that technology for secure mobile working is too expensive.
The survey also found that one in ten companies with over 3,000 employees do not have a security strategy that covers remote working and BYOD. One in ten companies, regardless of size, do not have a strategy that covers removable media, such as USB sticks. Removable devices such as compact flash drives can pose a huge risk to businesses, not only because they are easy to lose or steal, but also in terms of the malware they can introduce to networks.
Worryingly, roughly a quarter (23%) of surveyed organisations admit that they have no way of enforcing relevant security strategies they have in place, which is almost as risky as having no policy whatsoever.
Despite some having defined security policies for mobile working, nearly seven in 10 (68%) said they cannot be certain that their data is adequately secured when employees work remotely or on mobile devices. Encryption is the most viable option for organisations to protect valuable data outside of the corporate network, whilst also balancing control and accessibility. However, only a third of those surveyed say they enforce hardware and software encryption of their data, and 12% do not have any policy at all regarding encryption for data that is taken away from the office.
“Whilst data protection is not a straightforward task, companies (particularly those in the private sector) are trusted by their customers to follow basic best practices. Despite this, 38% say they have no control over where company data goes and where it is stored. Organisational struggles with enforcing data protection regulations and compliance standards are putting confidential data at risk,” said Jon Fielding, MD, Apricorn EMEA. “The repercussions associated with a data breach are huge, both in terms of financial and reputational damage. Regulations are put in place to protect the data, its owner and the company responsible for it,” he added.
In 2018, the financial implications will increase when the European General Data Protection Regulation (GDPR) comes into force, and fines of up to Euro 20 million or 4% of global annual turnover are introduced. The survey found a distinct lack of awareness amongst UK companies when it comes to the GDPR requirements:
“Companies will need to ensure personal data of European citizens is secure but, disturbingly, 24% of the surveyed organisations are not even aware of the GDPR and its implications. On top of this, 17% are aware of the regulations, but don’t have a plan for ensuring compliance,” Fielding noted.
When asked about the greatest security risk to their organisation in 2017, half of respondents (51%) cited outdated software, followed by employees (48%), and the cloud (40%) among their top risks. More than a third of those surveyed said BYOD and mobile working were among the biggest liabilities.
While many organisations recognise the security problems associated with mobile working, sometimes it’s down to a lack of adequate training or not providing the right tools: Over half (57%) of respondents agree that while their mobile workers are willing to comply with security measures, they do not have the necessary skills or technology to keep data safe. And it may get even harder to secure and enforce data protection in the future as 47% agreed, or strongly agreed, that while the younger generation of workers is more technology savvy, they care less about security than the older generation.
The research consisted of 100 interviews of IT decision makers in the UK, during January. Respondents to this research came from private sector organisations with more than 1,000 employees.