Are mobile staff a data risk?

by |

As the pressure to be mobile increases on some employees, many are using their own phones and tablets to work outside the office, but are they putting their companies at risk by doing so?

According to a recent white paper released by Aruba Networks, studies have found an increasing number of workers are using personal devices for work, and that many who do so are leaving sensitive data vulnerable to theft.

With more than half of workers predicted to be using personal devices for work by 2017, these findings should ring alarm bells for many business owners, said the report.

“Your company’s data is at risk. But the threat isn’t from cybercriminals or bored teenagers, instead it is your own employees who are often unwittingly putting your data at risk by failing to ensure their mobile devices are safe and secure,” said the report.

The report found that many workers were failing to secure their devices adequately because of a mistrust of their employers or IT department.

Nearly a quarter of respondents were concerned that adding security software to their device would give their employers access to their personal data, and just over a fifth thought that their IT department would interfere with their personal data if they were to hand over their device.

These feelings highlight a familiar struggle between the tech needs of the company and those of the employees, said the report.

“Your organisation wants control, security and visibility. Your employees want privacy; a barrier between work and play.”

Nearly one in six of the workers surveyed said they had not told their employers they used a personal device for work, and perhaps most worryingly, 22 per cent would not tell their employers if their device had been compromised, even if it leaked company data.

But it’s not just a lack of trust that is a cause for concern, some employees are also skimping on passwords and other basic security measures, said the report.

Close to a quarter of respondents had provided their passwords to another person, and nearly half  did not use an automatic time-out or lock code on the mobile device they used for work.

“The good news is that more than half of workers recognise the hazards of working on mobile devices – they’re easily lost or stolen – and have consequently and sensibly enabled passcode protection. The bad news is that a large chunk of users are leaving personal and work data wide open if their device were to fall into the wrong hands.”

Brokers frequently deal with sensitive client information, and with one in six workers reporting having lost a mobile device in the past, these concerns are very real, said the report.

“It looks like employees and IT departments are gambling with data security, but chance isn’t the only factor. In short, employees resent the power their employers now wield over their personal data, but are equally unconcerned about keeping company data safe.”

Five ways to keep your information secure:

1. Make it important

Most empoyees know how to use basic mobile security measures such as passwords and automatic lock-out systems, but they may not see it as essential.

Impress upon your employees the data that can be accessed on their mobile, and the consequences if that data were to be lost or misused.

2. Limit the risk

The less data stored on the mobile device, the lower the risk. Remember you may be able to stop people from using your own software or platforms once they stop working for you, but you can't take their device from them.

Make sure that none of the appliations or software you use store information locally on the device, and never have passwords or account number stored in places such as memos, text messages or tasks.

3. Make it easy

Make lists of easy-to-use data security tools with simple instructions. If your brokers know what is available, and how to use these, both the company's and their personal data will be more secure.

4. Have policies in place

Simple, but not always done. Make your data security policies clear and ensure all of your employees are aware of them.

5. Communicate

If employees know there are open channels of communication for data security concerns, they'll be more likely to let you know if they notice anything suspicious - hopefully before any data can be compromised.

  • Lain on 25/07/2013 11:06:22 AM

    I'd actually move point 4 up to being the first cab off the rank, as with no corporate policy neither the business nor IT has a defensible position from user accusation - something that geos on a lot with IT services and results in the stereotypical behaviour of the user going up their management tree and it coming down like a tonne of bricks upon the heads of IT.

    This nicely leads into the next point that the context of the article is a little misleading, as IT - in any responsible organisation that has said policies, is not the policy maker but simply the enforcer (or as I prefer, the enabler). I.e. we're told what to do, not free to make up the rules as we see fit. This is relevant when stating that "IT departments are gambling with data security", as that's largely not a by-product of any decisions we're empowered to make.

    Hence the importance of business stakeholders stepping up and taking an active role in addressing this topic.

Corporate Risk & Insurance forum is the place for positive industry interaction and welcomes your professional and informed opinion.

Name (required)
Comment (required)
By submitting, I agree to the Terms & Conditions