A third of companies say they have experienced a data loss or breach as a direct result of mobile working.
Apricorn, the leading manufacturer of software-free, hardware-encrypted USB drives, today announced new research highlighting that a lack of rigour and consistency when it comes to protecting data poses significant security risks, as 70 percent of IT decision makers agree that securing corporate data is an ongoing battle.
The research, conducted by Vanson Bourne, found that around a third (29 percent) of surveyed organisations have already experienced either a data loss or breach as a direct result of mobile working. A significant proportion – as many as 44 percent – expect that mobile workers will expose their organisation to the risk of a data breach.
Underlining this concern, almost half (48 percent) of the surveyed companies say employees are one of their biggest security risks. The survey results show that mobile working is a major problem as companies are still uncertain how to enforce adequate security policies, and many have no viable strategies in place. As mobile devices extend the boundary of the corporate network, ensuring confidentiality, integrity and availability of the data that the devices access, process and store is a constant challenge. Fifty-three percent of surveyed companies said that managing all of the technology that employees need and use for mobile working is too complex, while 35 per cent complain that technology for secure mobile working is too expensive.
The survey also found that one in ten companies with over 3,000 employees does not have a security strategy that covers remote working and BYOD. One in ten companies, regardless of size, don’t have a strategy that covers removable media, such as USB sticks. Removable devices such as compact flash drives can pose a huge risk to businesses, not only because they are easy to lose or steal, but also in terms of the malware they can introduce to networks. Worryingly, roughly a quarter (23 percent) of surveyed organisations admit that they have no way of enforcing relevant security strategies they have in place, which is almost as risky as having no policy whatsoever.
[easy-tweet tweet=”12 percent do not have any policy.” hashtags=”Data, Mobile “]
Despite some having defined security policies for mobile working, nearly 7 in 10 (68 percent) say they cannot be certain that their data is adequately secured when employees work remotely or on mobile devices. Encryption is the most viable option for organisations to protect valuable data outside of the corporate network, whilst also balancing control and accessibility. However, only a third of those surveyed say they enforce hardware and software encryption of their data, and 12 percent do not have any policy at all regarding encryption for data that is taken away from the office.
“Whilst data protection is not a straightforward task, companies (particularly those in the private sector) are trusted by their customers to follow basic best practices. Despite this, 38 per cent say they have no control over where company data goes and where it is stored. Organisational struggles with enforcing data protection regulations and compliance standards are putting confidential data at risk,” said Jon Fielding, Managing Director, Apricorn EMEA. “The repercussions associated with a data breach are huge, both in terms of financial and reputational damage. Regulations are put in place to protect the data, its owner and the company responsible for it,” he added.
In 2018, the financial implications will increase when the European General Data Protection Regulation (GDPR) comes into force, and fines of up to €20 million or 4 percent of global annual turnover are introduced. The survey found a distinct lack of awareness amongst UK companies when it comes to the GDPR requirements: “Companies will need to ensure personal data of European citizens is secure but, disturbingly, 24 percent of the surveyed organisations are not even aware of the GDPR and its implications. On top of this, 17 percent are aware of the regulations, but don’t have a plan for ensuring compliance,” Fielding noted.
When asked about the greatest security risk to their organisation in 2017, half of the respondents (51 percent) cited outdated software, followed by employees (48 percent), and the cloud (40 percent) among their top risks. More than a third of those surveyed said BYOD and mobile working were among the biggest liabilities. While many organisations recognise the security problems associated with mobile working, sometimes it’s down to a lack of adequate training or not providing the right tools: Over half (57 percent) of respondents agree that while their mobile workers are willing to comply with security measures, they don’t have the necessary skills or technology to keep data safe. And it may get even harder to secure and enforce data protection in the future as 47 percent agree, or strongly agree, that while the younger generation of workers is more technology savvy, they care less about security than the older generation.
About the survey
The research was conducted by Vanson Bourne, an independent specialist in market research for the technology sector. The research consisted of 100 interviews of IT decision makers in the UK, during January. Respondents to this research came from private sector organisations with more than 1,000 employees.
Vanson Bourne’s reputation for robust and credible research-based analysis is founded upon rigorous research principles and their ability to seek the opinions of senior decision makers across technical and business functions, in all business sectors and all major markets. For more information, visit www.vansonbourne.com.