It appears that businesses finally understand the security risks that mobile devices present, since now almost everyone is instituting mobile security policies. That's the good news.
https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=iThe bad news is that the majority of employees don't know those policies exist. That's the finding of a new study by McAfee and Carnegie Mellon University. The McAfee Mobility and Security Survey interviewed 1500 companies. Other findings include:
- There is a serious disconnect between policy and reality in the mobile computing environment; both IT directors and users are unhappy.
- Lost and stolen mobile devices are seen as the greatest security concern in the mobile computing environment among consumers and IT professionals.
- Although the need for mitigating mobile security risks and threats is acknowledged, risky behaviors and weak security postures are commonplace.
The survey also pointed out a prime reason why it is so important that employers educate and enforce their mobile security policies:
- Almost half of organizations surveyed are at least very reliant on mobile devices, with 31 percent saying they were "very reliant," and 18 percent saying they were "extremely reliant."
- Almost seven in 10 organizations are more reliant on mobile devices now than they were 12 months ago. More than half (51 percent) said that has changed somewhat, while 18 percent said things have "drastically changed."
Not only are people reliant on their mobile devices, they are downloading a lot of apps and the line between professional and personal use continues to blur. And McAfee's own 2011 threat prediction stated, according to the survey:
Attacks against mobile devices - including iPhones, Android devices, and more - will escalate in 2011 as criminals seek to tap into fragile cellular infrastructure' to access often unencrypted business and corporate communications. As mobile devices are increasingly commonplace in corporate and enterprise environments, there are more ways for trade secrets and other critical information to escape into the wild - and McAfee believes cybercriminals will increasingly be looking for it.
So what might help improve mobile security for these business devices? Perhaps location software, but if the data is already stolen, locating the device isn't your biggest problem anymore. The survey suggested several ideas, which just so happen to fall into my regular talking points: Educate your employees of security policy, secure the device with the technologies available and be aware of the threats that are out there.