Corporate IT continues to struggle with how best to protect their organizations from data breaches, viruses, and other cyber-security issues brought on by employees using mobile devices, according to a new survey from NetEnrich. One hundred fifty IT professionals in North America responded to the survey on enterprise mobile security.
The global proliferation of mobile devices has created significant challenges for corporate IT security professionals. Protecting sensitive corporate data running on mobile devices is paramount to company security, but IT can find itself in hot water with employees, customers, and management if mobile device security protocols are found to compromise end-user experience. The issue is muddled further when employees use devices and applications IT has not pre-approved.
Companies must be proactive in engaging employees about mobile security policies. Fifty-four percent of IT pros surveyed by NetEnrich said their biggest challenge when it comes to managing employee use of mobile devices is simply confirming that all employees have received and reviewed their company’s policies. But even that might not be enough: 55 percent of respondents said their biggest challenge is convincing employees that following the company’s mobile device protocols is in their best interests.
Corporate IT has been clear that its main priority is ensuring their organizations don’t experience breaches or attacks — 68 percent of respondents to NetEnrich’s survey listed this as the top goal of their enterprise mobility security plan. Job security is also a priority. Sixty percent said their primary goal was ensuring that they were “covered from an accountability perspective” in the event there was a breach or attack. By comparison, 50 percent said their top goal was providing employees a guide for using mobile devices.
There’s more corporate IT can do to prevent potential issues, including better communication about policies to employees (46 percent said this approach might help prevent breaches and attacks). Corporate IT also feels that employees should shoulder more responsibility. Forty-eight percent of NetEnrich survey respondents are advocating stricter penalties for employees if and when their mobile devices are breached. Sixty-two percent said there should be stricter policies about which devices and apps can be used.
Priorities and policies aside, breaches and attacks are a fact of life. Forty-two percent of IT pros surveyed by NetEnrich said their organizations suffered the loss of key corporate data from a mobile device. The biggest causes: malware apps (45 percent); public cloud insufficiently secure (44 percent); users cutting and pasting data to unsecured or public locations (42 percent); mobile devices running older versions of operating systems that are known to have security holes (41 percent); and Advanced Persistent Threats lurking on mobile devices (or servers) for a long time (40 percent).
Other key findings from NetEnrich’s 2016 Enterprise Mobile Security Survey:
- 41 percent of NetEnrich survey respondents have lost $50,000-$100,000 over the past three years due to a mobile device security breach or attack
- 52 percent have outsourced some aspect of their mobile security plan or management; 47 percent said the external provider helped them formulate a security policy, and 63 percent said the provider helped them implement the policy
- 75 percent have deployed a threat assessment solution to understand their security risks; 40 percent scan mobile devices using malware scanning solutions; 38 percent use audit and automated compliance solutions to ensure mobile devices are not “jailbroken”; 33 percent do regular audits of employee mobile devices to ensure they are not running out-of-date operating systems
- 73 percent of organizations have enabled single sign-on for enterprise and cloud apps; 78 percent use multi-factor authentication for access to sensitive apps; 67 percent have migrated on-premises apps to the cloud; 72 percent use Active Directory; 82 percent use Active Directory to support hybrid identification for user access to applications running in the cloud
“Enterprise mobile security concerns, breaches and attacks aren’t new, but that doesn’t mean corporate IT is better equipped to handle these issues today than they were a few years ago,” says Raju Chekuri, president and CEO of NetEnrich. “The reality is, enterprise mobile security is a moving target, for which companies and IT professionals must be adjusting constantly. A policy that works today may not work next year — let alone two to three years from now. The best approach is for IT to work with partners and vendors who develop modern mobile security solutions and best practices, and who understand both the corporate security and employee user-experience demands of the organization.”