Several dozen people of my acquaintance have security clearances of varying levels for their jobs. All of them have commented or complained about the restrictions involved with their clearances, mostly regarding their cellphones.
Mobile devices within government have long been a tricky issue. Some of the first high-profile breaches involved lost laptops and government agencies. And you may remember then President-elect Obama fighting to keep using his BlackBerry, which the Secret Service and other agencies deemed as a serious security risk.
A new survey from Mobile Work Exchange shows that perhaps the concerns about mobile device use within government agencies are spot on. The study, “The 2014 Mobilometer Tracker: Mobility, Security, and the Pressure in Between,” finds a gap between policies and government secure mobility behaviors, with 41 percent of the respondents putting their agency at risk.
On the surface, it looks like the government workers are taking the right security steps. Eighty-six percent lock their computer when away from their desk, and 78 percent make sure they store files securely. But that’s in the office and using their desktop computers. The problem comes when they move to their mobile devices. For example, 31 percent of respondents said they use public Wi-Fi, while 25 percent said they don’t use passwords on mobile devices for work. The survey also found that a quarter of the respondents have not received any kind of mobile security training.
Here was a statistic that put into perspective just how serious this lack of security is. The survey revealed that 6 percent of government employees admit their phone was lost or stolen. Six percent is a pretty low number. But that 6 percent equals 3500 federal workers. Now think of the data to which federal workers have access. This is a serious security risk.
But, the most eye-opening figure comes at the end of the survey. People who work for federal agencies do a much better job with mobile security practices than those in the private sector. For example, although 15 percent of government employees have downloaded a non-work-related app on their work device, 60 percent of private sector employees have done the same. Why the difference? I do not know. Perhaps it goes back to those security clearances and the restrictions they put in place or it may be that the government has put policies in place where private industry has not. Even so, government agencies still have a long way to go to create a secure environment for mobile devices, but obviously, private sector has an even longer haul.