Only about one in seven – 14 per cent of companies have a fully developed mobile device security policy for their corporate networks. That is despite the rising number of security incidents involving mobile devices, according to new research from Kaspersky Lab and B2B International’s Global Corporate IT Security Risks 2013 study.
IT security incidents involving mobile devices are both growing and diversifying. According to the study, 6 per cent of respondents identified a mobile device as the source of at least one confidential data leakage over the past 12 months. This year, for 5 per cent of the companies surveyed, mobile devices have caused more critical data leakages than phishing attacks. Mobile devices caused more incidents of data leakage than employee fraud or corporate espionage for 4 per cent and 3 per cent of companies respectively.
The reason; more mobile devices, smartphones and tablets are being used at work on a daily basis. These devices are also often owned by the employees themselves, and so are used for personal as well as business purposes. Having important corporate and personal information (contacts, apps) to hand on one device is certainly convenient — but it does pose a substantial risk to company security.
Nearly 65 per cent of survey participants admitted that the Bring Your Own Device environment is a growing threat to the security of corporate IT infrastructures. At the same time, nearly 64 per cent of companies do not have plans to impose any prohibitive policies on mobile devices, and about half the companies surveyed believe restrictive measures would be useless.
The use of internal IT security policies for mobile devices, could greatly reduce the business risks associated with smartphones and tablets – but a well-developed mobile device security policy tends to be the exception rather than the rule. Roughly 41 per cent of survey participants reported that their companies do have a policy, but not one that is fully developed, 32 per cent of respondents planned to roll out a mobile device security policy and 13 per cent said that they have no policy in place, and no plans to develop one.
One reason why these policies are not fully implemented may be, the IT security firm suggests a shortage of resources in terms of time and money. Nearly half (48 per cent) of those who reported having a mobile device security policy in place said that insufficient funds had been allocated for this, with another 16 per cent stating that no additional funds had been allocated at all.
