Many companies underestimate the hazards represented by lost or stolen mobile devices. When losses actually occur, however, most companies react by blaming the employees, not their own policies.Andreas Fischer
There are clear pros and cons to the use of mobile devices in companies and the related trend toward Bring Your Own Device (BYOD) – the use of private smartphones and tablets within the corporate infrastructure. A recent German/British study conducted by market research specialist Vanson Bourne found that nearly half (44%) of surveyed companies had experienced the loss of a mobile device by an executive in the past year.
Vanson Bourne's analysis encompasses not just smartphones, tablets and laptops, but also USB sticks. Roughly 39 percent of polled organizations indicated that at least one management-level employees has had a device stolen. Things look even worse further down in the hierarchy: 54 percent of non-managerial employees have lost a mobile device. Roughly 49 percent indicated that they've had a device stolen.
Ninety-three percent of all lost hardware contained business-related data, claims Imation, the IT security specialists who commissioned the study. Forty-nine percent contained sensitive emails, while 38 percent held internal files or documents. Another 24 percent were used to store customer data, and 15 percent included financial data.
In spite of these findings, Imation sees a lack of proper corporate security measures on this issue. For example, 32 percent of the surveyed organizations had no policy requiring the encryption or password protection of data on mobile devices. This didn't prevent them from punishing employees who were the victim of data loss, however.
Thirty-seven percent of respondents indicated that at least one employee in the company had been subject to disciplinary proceedings due to lost corporate data. Thirty-two percent knew at least one person who had lost their job in the past year for this reason. Fully 48 percent of surveyed IT decision makers admitted however that they cannot trace when and if employees are leaving corporate premises with data in tow.
"Despite constant warnings about data security and almost daily headlines about data loss, companies remain unable to protect their intellectual property effectively. The benefits of encryption and password protection are nothing new, yet many companies simply ignore the need for basic security measures," says Nicholas Banks, Vice President for EMEA and APAC at Imation subsidiary IronKey.
"Although companies know that many employees abuse the guidelines for mobile work, they do nothing about it. The survey findings highlight a careless handling of business devices and data. Many employees, including top executives, are apparently unaware of the consequences of data loss," Banks concludes. "Companies have an obligation to protect corporate data and the devices or storage media on which it is stored."