How protected is your business when it comes to Bring Your Own Device (BYOD)?
Seventy per cent of IT decision makers agree that securing corporate data is an ongoing battle.
That’s according to a new study which found that around a third (29%) of surveyed organisations have already experienced either a data loss or breach as a direct result of mobile working.
Forty-four per cent of those polled expect mobile workers to expose their organisation to the risk of a data breach, while nearly half (48%) say employees are one of their biggest security risks.
The survey results suggest mobile working is a major problem since companies are still uncertain how to enforce adequate security policies and many have no viable strategies in place.
As mobile devices extend the boundary of the corporate network, ensuring confidentiality, integrity and availability of the data that the devices access, process and store is a constant challenge.
Fifty-three per cent of surveyed companies said that managing all of the technology that employees need and use for mobile working is too complex, while 35% complain that technology for secure mobile working is too expensive.
The survey also found that one in 10 companies with more than 3,000 employees do not have a security strategy which covers remote working and BYOD (Bring Your Own Device).
It revealed that one in 10 companies, regardless of size, don’t have a strategy which covers removable media, such as USB sticks. Yet removable devices, such as compact flash drives, can pose a huge risk to businesses, not only because they are easy to lose or steal, but also in terms of the malware they can introduce to networks.
Roughly a quarter (23%) of surveyed organisations admit that they have no way of enforcing relevant security strategies they have in place, which is almost as risky as having no policy whatsoever.
Despite some having defined security policies for mobile working, nearly 7 in 10 (68%) say they cannot be certain that their data is adequately secured when employees work remotely or on mobile devices.
According to those in-the-know, encryption is the most viable option for organisations to protect valuable data outside of the corporate network, whilst also balancing control and accessibility. But only a third of those surveyed say they enforce hardware and software encryption of their data, and 12% do not have any policy at all regarding encryption for data that is taken away from the office.
Jon Fielding, Managing Director, Apricorn EMEA, which commissioned the research, said: “Whilst data protection is not a straightforward task, companies (particularly those in the private sector) are trusted by their customers to follow basic best practices. Despite this, 38% say they have no control over where company data goes and where it is stored.
“Organisational struggles with enforcing data protection regulations and compliance standards are putting confidential data at risk.The repercussions associated with a data breach are huge, both in terms of financial and reputational damage. Regulations are put in place to protect the data, its owner and the company responsible for it.
Fielding says that, in 2018, the financial implications will increase when the European General Data Protection Regulation (GDPR) comes into force, and fines of up to €20 million or 4% of global annual turnover are introduced. The survey found a distinct lack of awareness amongst UK companies when it comes to the GDPR requirements.
He added: “Companies will need to ensure personal data of European citizens is secure but, disturbingly, 24% of the surveyed organisations are not even aware of the GDPR and its implications. On top of this, 17% are aware of the regulations, but don’t have a plan for ensuring compliance.”
When asked about the greatest security risk to their organisation in 2017, half of respondents (51%) cited outdated software, followed by employees (48%), and the cloud (40%) among their top risks. More than a third of those surveyed said BYOD and mobile working were among the biggest liabilities.
It appears that while many organisations recognise the security problems associated with mobile working, sometimes it’s down to a lack of adequate training or not providing the right tools: Over half (57%) of respondents agree that while their mobile workers are willing to comply with security measures, they don’t have the necessary skills or technology to keep data safe. And it may get even harder to secure and enforce data protection in the future as 47% agree, or strongly agree, that while the younger generation of workers is more technology savvy, they care less about security than the older generation.
The research was conducted by Vanson Bourne, an independent specialist in market research for the technology sector. The research consisted of 100 interviews of IT decision makers in the UK, during January. Respondents to this research came from private sector organisations with more than 1,000 employees.
Headquartered in California, Apricorn provides secure storage solutions to prominent global companies in finance, healthcare, education, and government.