IT security and data protection firm Sophos has today published independently commissioned research by TNS*, revealing consumer attitudes towards mobile security and the consumerisation of technology. The research indicated that, while 50% of respondents don't feel confident that the information on their mobile or laptop would be secure if they lost the device, 30% of workers state that their company does not have a security policy in place to protect information on personal devices used for work purposes.
Key findings of the survey include:
- Over a quarter (28%) of those surveyed are actively encouraged by their employers to use personal devices at work
- 47% of consumers believe that viruses are a major security threat to mobile devices
- 25% of respondents have only one phone for work and personal use
- Only 13% felt confident that information on their laptop or mobile would be safe if they lost it
These findings reaffirm the results of a poll of Sophos's customer base, which showed that the vast majority of businesses do not approach the protection of personal devices in the same way as they protect company-owned technology.
As security on consumer-owned devices is limited, unprotected devices can accidentally share proprietary data. In spite of this, 60% of respondents said that they've used their personal mobile for work purposes and 43% have used their personal laptop for work, despite limited or no security policies being in place.
As more and more companies look to reduce costs and support flexible working, businesses are increasingly encouraging employees to use personal devices for work. Although mobile technology means that workers can be productive more of the time, it also means that employees are taking sensitive, business critical data with them wherever they go, making it harder for IT security teams to manage and protect these devices.
"People rarely apply the same best practices to their own devices as they do to corporate equipment," said James Lyne, senior technologist at Sophos. "As a result, despite the obvious business benefits, mobile working makes users more vulnerable, both to web-based threats and to simple loss of their devices and data. Almost a quarter of those surveyed admitted to having lost a mobile, and if these devices do not have in-built security features enabled such as passcode protection and encryption, businesses are effectively presenting a vastly increased attack surface to potential cybercriminals."
Sophos's poll of its customer base highlighted that, while 92% of Sophos customers believed that mobile devices increase the security threat to data, 40% are not currently securing mobile devices. Of those that do have a mobile security policy in place, 63% support Blackberry OS, 47% support iPhone iOS and only 31% support Android OS.
"Today's IT security policies need to be focused on strengthening an organisation's defences on the proliferation of operating platforms used by employees, through better web security and patch management, as well as application, device and access control," continued Lyne.
* Survey conducted in March 2011 by TNS Omnibus. Survey sample - 1075 consumers from Great Britain, 702 working full or part time