Report: Businesses at risk from unreported mobile device theft
Part of a company embracing mobile devices is ensuring tools are in place to remotely wipe sensitive data from a smartphone or tablet if it is lost or stolen. A new study from Kaspersky Lab identifies an obvious and concerning fact, though—those tools offer little value if the missing device isn’t reported.
Kaspersky Lab surveyed nearly 4,000 IT professionals regarding mobile device security concerns. The results illustrate the challenges facing IT managers and an apparent disregard among users for securing mobile devices or protecting business data.
When a smartphone or tablet is lost or stolen, every minute counts. If the device wasn't locked at the time of its loss or theft, whoever is in possession of it may still be able to access the applications and data it contains. IT personnel can only take steps to lock down the device and erase sensitive data if they know the device has been compromised in the first place.
According to the Kaspersky survey, only half of employees report the loss or theft of a mobile device within one day. In North America, that number drops to just 43 percent. More than a third—38 percent—take up to two days to notify their employer of a missing mobile device, and almost one in 10 employees may take up to five days to report one.
What is even more concerning is those numbers are heading in the wrong direction. When Kaspersky conducted a similar survey in 2013, 60 percent of employees reported a lost or stolen mobile device within a day.
Obviously, this is concerning. More than four in 10 IT professionals believe BYOD policies and mobile working patterns introduce increased risk for businesses.
As mobile devices continue to gain prevalence and become primary computing devices for many users, organizations are going to have to reconcile the risks posed by mobile devices with the lack of concern by users.
It’s possible users may not initially realize a mobile device is missing or when they do, they don’t report it immediately because they believe they will find it. It may be users fail to report a missing mobile device out of fear of the consequences of having lost it. Organizations need to stress the urgency of reporting a lost or stolen device and foster an environment where users are more concerned about protecting sensitive business data than they are about any personal repercussions.
In the meantime, it would also be prudent for organizations to implement stricter security controls on mobile devices, such as policies that enforce automatically locking the device after a relatively short idle period. This will thwart easy access to the data it contains and buy time so it can be remotely wiped.