Mobile Security Policy Is Disconnected From Employee Reality

A new study found that most companies have security policies for work-issued mobile devices, but many employees don’t know what those policies are.

by / May 26, 2011

As work-issued mobile devices are increasingly used for business and personal pursuits, it’s not surprising that 95 percent of companies have mobile security policies, according to a new study by online security provider McAfee and Carnegie Mellon University. What’s alarming, however, is that roughly one-third of employees surveyed had no clue as to what those policies are.

The report, Mobility and Security: Dazzling Opportunities, Profound Challenges, looks at mobility from the perspective of a company’s senior IT person and general end-users in the workplace. The study, which surveyed 1,500 people around the world, revealed that 63 percent of mobile devices issued for work are also used for personal activities.

“There is a serious disconnect between policy and reality and between policy awareness and policy adherence, in the mobile computing environment. Both IT directors and users are dissatisfied with the status quo,” the report said.

“Devices are no longer just consumer devices or business devices ... they are both,” said Richard Power, the report’s primary author and a distinguished fellow at Carnegie Mellon University’s CyLab, a cyber-security education and research center, in a statement. “Devices are more than extensions of the computing structure; they are extensions of the user. The way users interact with their personal data mirrors the way they want to interact with corporate data.”

Other key findings of the report included:
 

  • Lost and stolen mobile devices are seen as the greatest security concern, with 40 percent of organizations having devices lost or stolen, with half of those containing critical business data.
  • Fewer than half of device users back up their mobile data more frequently than on a weekly basis.
  • Half of device users keep passwords, PIN codes or credit card details on mobile devices.


The McAfee and Carnegie Mellon University findings come on the heels of another study that showed mobile malware is on the rise. In the State of the Web report, released on Feb. 28, by Zscaler, a cloud security vendor, it was revealed that Zeus, a Trojan horse that logs keystrokes to steal financial information, had made its way to mobile devices.

“Data loss remains a huge problem for both consumers and businesses,” said Todd Gebhart, executive vice president and general manager of consumer, small business and mobile for McAfee, in a press release. “This study shows that there is a lot of room for improvement in terms of education and putting the right tools in place to ensure mobile security.”

To download a fully copy of the report, visit McAfee’s website.