Continuing my recent blogs on BYOD, I thought I would share some interesting statistics from this year’s PwC Information Security Breaches Survey. 75% of large businesses allow staff to use smart phones and tablets to connect to their systems, yet only 39% ensure that data on these smart phones is encrypted. Mobile devices are often lost or stolen, exposing any data on them. In the wrong hands these devices can potentially open up a door into corporate assets.
While it’s clear that more and more organisations allow the use of these devices, unfortunately the implementation of security controls has not kept pace. According to the report, over half of small businesses haven’t taken any steps to secure them. They may be small businesses, but protecting information should be based on risk. A lot of small organizations have highly valuable intellectual property (e.g. research and pharmaceuticals) and therefore must prioritize protecting this data. Worryingly, organizations that allow personal devices, as opposed to company-owned devices, were also shown to have weaker controls. In reality these are the very devices that should have even better controls than the corporate-owned devices.
However, there are signs that, overall, organizations are following best practice by issuing a policy on mobile computing and providing appropriate training. My recent blogs discussed MDMs as essential in any interim solution, yet only 13% of organizations have deployed a Mobile Device Management platform.
It seems we will constantly be playing catch-up if we are to manage and control these devices and the information they access in organizations. Technology for mobile devices moves fast and security controls lag behind. Even where controls are available, organizations aren’t following a long-term strategy and are deploying them in a reactive mode, the results of which will be no surprise.