29 percent of organisations have already experienced either a data loss or breach as a direct result of mobile working, according to research conducted by Vanson Bourne. As many as 44 percent expect that mobile workers will expose their organisation to the risk of a data breach. Underlining this concern, 48 percent say employees are one of their biggest security risks.
Mobile working concerns
Underlining this concern, 48 percent say employees are one of their biggest security risks. The survey results show that mobile working is a major problem as companies are still uncertain how to enforce adequate security policies, and many have no viable strategies in place.
As mobile devices extend the boundary of the corporate network, ensuring confidentiality, integrity and availability of the data that the devices access, process and store is a constant challenge. Fifty-three percent of surveyed companies said that managing all of the technology that employees need and use for mobile working is too complex, while 35 percent complain that technology for secure mobile working is too expensive.
Lack of security strategy
The survey also found that one in ten companies with over 3,000 employees do not have a security strategy that covers remote working and BYOD. One in ten companies, regardless of size, don’t have a strategy that covers removable media. Removable devices such as compact flash drives can pose a huge risk to businesses, not only because they are easy to lose or steal, but also in terms of the malware they can introduce to networks.
Worryingly, 23 percent of surveyed organisations admit that they have no way of enforcing relevant security strategies they have in place, which is almost as risky as having no policy whatsoever.
Despite some having defined security policies for mobile working, 68 percent say they cannot be certain that their data is adequately secured when employees work remotely or on mobile devices. Encryption is the most viable option for organisations to protect valuable data outside of the corporate network, whilst also balancing control and accessibility. However, only a third of those surveyed say they enforce hardware and software encryption of their data, and 12 percent do not have any policy at all regarding encryption for data that is taken away from the office.
“Whilst data protection is not a straightforward task, companies (particularly those in the private sector) are trusted by their customers to follow basic best practices. Despite this, 38 percent say they have no control over where company data goes and where it is stored. Organisational struggles with enforcing data protection regulations and compliance standards are putting confidential data at risk,” said Jon Fielding, Managing Director, Apricorn EMEA. “The repercussions associated with a data breach are huge, both in terms of financial and reputational damage. Regulations are put in place to protect the data, its owner and the company responsible for it,” he added.
European General Data Protection Regulation
In 2018, the financial implications will increase when the European General Data Protection Regulation (GDPR) comes into force, and fines of up to €20 million or 4 percent of global annual turnover are introduced.
The survey found a distinct lack of awareness amongst UK companies when it comes to the GDPR requirements: “Companies will need to ensure personal data of European citizens is secure but, disturbingly, 24 percent of the surveyed organisations are not even aware of the GDPR and its implications. On top of this, 17 percent are aware of the regulations, but don’t have a plan for ensuring compliance,” Fielding noted.
Most prominent security risks
When asked about the greatest security risk to their organisation in 2017, half of respondents cited outdated software, followed by employees (48 percent), and the cloud (40 percent) among their top risks. More than a third of those surveyed said BYOD and mobile working were among the biggest liabilities.
While many organisations recognise the security problems associated with mobile working, sometimes it’s down to a lack of adequate training or not providing the right tools: 57 percent of respondents agree that while their mobile workers are willing to comply with security measures, they don’t have the necessary skills or technology to keep data safe. And it may get even harder to secure and enforce data protection in the future as 47 percent agree, or strongly agree, that while the younger generation of workers is more technology savvy, they care less about security than the older generation.