Are businesses failing badly on mobile security?
Businesses could be failing to provide adequate protection to mobile workers and the sensitive data they may carry.
New research from secure document destruction company Shred-it found that more than two-thirds (68%) of SMEs surveyed did not have an information security policy for off-site work environments and flexible workers. This was despite the fact that 58% of smaller businesses had at least some flexible workers working off-site at various times.
Larger businesses were slightly worse, with 69% of respondents admitting they had no such policy in place. Larger businesses were also more likely to have workers operating off-site, with 92% reporting they had at least some mobile employees.
The Shred-it survey was conducted in the US but another study conducted by secure identity solutions firm HID found that workers in the UK and the rest of Europe might be just as casual when it comes to mobile security.
The HID survey found that 77% of UK workers said they were not concerned about mobile security. This was slightly higher than the European average of 74% but behind Germany, where 82% of workers said they were unconcerned with mobile security.
The research also found that 60% of European SMEs did not have security restrictions for mobile devices in place. Larger companies fared better this time however, with just a third (33%) reporting that they did not have restrictions in place.
Bring Your Own Device (BYOD) is an increasingly common practice and it does have its benefits. It can improve flexibility and productivity, as individuals are often more familiar with their own devices, they can use them at home or elsewhere offsite and it can be cheaper than providing corporate devices.
It’s important for businesses that do encourage or allow the practice to have a BYOD security strategy and contingency plans in place to cover any financial issues that might arise from a security breach. Measures that can be put into place include restricting access to sensitive information without authorisation and restricting the information that can be shared between devices or between devices and the cloud.
By Phil Smith