More than one-half of employers experience loss through mobile devices
Corporate mobile devices and the bring-your-own-device (BYOD) phenomenon are rapidly circumventing enterprise security and policies in Canada, according to a study conducted by Ponemon Institute and sponsored by content security provider Websense.
Seventy-one per cent of 421 respondents in Canada agree the use of mobile devices in the workplace is important to achieving business objectives, said the Global Study on Mobility Risks. The report surveyed 4,640 IT and IT security practitioners in Australia, Brazil, Canada, France, Germany, Hong Kong, India, Italy, Mexico, Singapore, United Kingdom and the United States.
But 72 per cent of Canadian respondents also believe these devices put their organizations at risk — and only one-half of the organizations surveyed have the necessary security controls to address the risk.
Fifty-eight per cent of the organizations experienced data loss resulting from employee use of insecure mobile devices. Canada and Italy ranked the highest out of 12 countries surveyed for mobile data loss.
"IT has spent years working on desktop security and trying to prevent data loss over web and email channels — but mobile devices are radically changing the game," said Fiaaz Walji, Websense Canadian country manager. "Tablets and iOS devices are replacing corporate laptops as employees bring their own devices to work and access corporate information. These devices open the door to unprecedented loss of sensitive data. IT needs to be concerned about the data that mobile devices access and not the device itself."
Organizations often don't know how and what data is leaving their networks through non-secure mobile devices (such as laptops, USB drives, smartphones and tablets), said the study. Traditional static security solutions such as antivirus, firewalls and passwords are not effective at stopping advanced malware and data theft from malicious or negligent insiders.
Key findings
•Forty-five per cent of respondents reported employees circumvent or disengage security features, such as passwords and key locks, on corporate and personal mobile devices.
•Thirty-four per cent said the data breaches involved disclosure of private or confidential information while 28 per cent said it was theft, removal or loss of information or other resources.
•Sixty-two per cent of Canadian respondents said over the past 12 months, their organizations experienced an increase in malware infections as a result of insecure mobile devices in the workplace.
•Twenty-six per cent said mobile devices are responsible for an increase of more than 50 per cent in malware infections in Canada. And, out of the 12 countries surveyed, Canada made the top three for the highest amount of infections.
•Sixty-five per cent of respondents are most concerned with employees taking photos or videos in the workplace — probably due to fears about the theft or exposure of confidential information.
•Sixty-three per cent of respondents said a top negative consequence of insecure mobile devices is a decrease in employee productivity.