Stolen Mobile Devices Means Lost Data

Wednesday, September 3, 2014 @ 12:09 PM gHale

With mobile devices ubiquitous in the industry today, a stolen smartphone, laptop or tablet means loss of business data, a new report said.

On top of that, as the rate of stolen mobile devices increases, the average time for IT departments to respond to this security threat has also grown, according to a new report from Kaspersky Lab.

Security Aware: Top 10 Software Design Flaws
New Threats Emerging: Cisco Report
Social Network Security Risks Rampant
Faux Security Program is a RAT

The cause of this delay is employees becoming slower to notify their employers of missing devices, with only half of employees reporting theft quickly. Across businesses that experienced mobile device theft, 19 percent said the device theft resulted in the loss of business data, meaning businesses have a one-in-five chance of losing data if a corporate mobile device ends up purloined.

After receiving input from thousands of IT security managers around the world as part of the company’s 2014 IT Security Risks survey, Kaspersky Lab found 38 percent of employees take up to two days to notify their employers of stolen mobile devices, and 9 percent wait three to five days. The percentage of employees who notified their employers the same day the incident occurred decreased from 60 percent to 50 percent from 2013 to 2014. This delay can create a significant window of vulnerability and makes the loss of sensitive business data more likely.

The survey also found the rate of mobile device theft overall has continued to climb over the years, with 25 percent of companies experiencing the theft of a mobile device in 2014, a significant increase from the 14 percent reported in 2011.

As stolen devices become more common, employees appear to be responding more slowly, with only half of employees in 2014 reported a stolen device on the same day the incident occurred. The growing prevalence of stolen mobile devices may be a contributing factor to employee apathy, since an user may view a stolen smartphone as a somewhat common occurrence, and not a rare crisis that demands attention.

The rate of mobile device theft varied significantly across regions. The Middle-East reported the lowest rate of mobile device theft by far, with 8 percent of businesses reporting an incident, followed by 15 percent in Japan and Russia.

When looking at behaviors of employees in specific regions, North American employees are the slowest to respond based on 2014 survey data, with 43 percent of North American employees reporting a stolen device on the same day as the incident. The Asia-Pacific region saw the biggest change year-over-year with 47 percent of employees reporting same-day notification in 2014, a drop from 74 percent last year.

Given this rising rate of device and data theft surrounding mobile devices, it should come as no surprise 52 percent of survey respondents said they are “more concerned about mobile” than in previous years. In fact, 43 percent said mobile working patterns “introduce too much risk,” despite the obvious productivity benefits these devices can bring to the business. Another 42 percent believe that “BYOD (Bring Your Own Device) mobile policies present an increased security risk” for businesses.

Despite these IT department concerns, mobile device usage shows no signs of slowing down, with 34 percent of respondents listing “the integration of mobile devices” as one of their top concerns during the past 12 months, a higher rate than managing hardware upgrades or even the deployment of virtualization technology.

This leaves IT managers dealing with multiple security challenges associated with a mobile workforce, and as the demand for mobility increases, users appear to be less engaged in helping secure mobile platforms. This is a tough set of circumstances that requires a well-planned security policy and the right security technology.

A mobile device management (MDM) policy that integrates within existing endpoint security software can be a huge value to IT managers trying to stay ahead of mobile security challenges. By keeping an MDM policy managed through the same console as businesses other endpoint security software, IT managers can enforce policies customized to each individual employee, including “containerization” that keeps business information on mobile devices encrypted and separated from personal data on employee-owned devices.

Leave a Reply

You must be logged in to post a comment.