home Cyber Cyber Security Only 1 in 8 companies implement information security policies for mobile devices

Only 1 in 8 companies implement information security policies for mobile devices

Sep 16, 2013

This post is also available in: עברית (Hebrew)

Almost half of all the organizations taking part in the survey have no policy at all, and only 14% fully implement information security policies for mobile devices. The number of security events related to tablets and mobile phones, on the other hand, is on the rise – but most organizations still don’t plan to limit the use of personal mobile devices for work-related purposes. These are only some of the findings of an IT-threats international survey conducted by B2B, in cooperation with Kaspersky Lab.

Information security events having to do with mobile devices have grown more and more common and diverse over the last few years. 6% of the B2B survey participants identified mobile devices as the source of at least one information leak over the last 12 months. Even though that’s a rise of just 1% when compared to 2012, mobile devices were the source of more critical leaks than phishing attacks (5% of organizations), worker fraud (4%) or business espionage (3%).

The cause is clear: More mobile devices – smartphones and tablets – are used daily for work-related purposes. These devices are often owned by the workers, too, and so are used for both personal and professional purposes. Keeping organizational and personal information (contacts, applications and more) on one mobile device is very easy – but it’s also a significant security risk. Almost 65% of the survey participants admitted that BYOD (Bring Your Own Device) policies are a growing threat to the organization’s information security. And yet almost 64% of the organizations don’t plan to limit the use of personal mobile devices, and almost half of them believe that any such limitations will be useless.

iHLS – Israel Homeland Security

Utilizing information security policies and implementing internal regulations for controlling mobile devices can significantly reduce security risks to the organization. According to the survey, though, such well planned policies concerning the use of mobile devices are a rarity. Almost 41% of the participants said that their organizations theoretically have these policies, but they aren’t actually implemented; 32% plan to implement mobile information security policies in the future; and 13% said that they don’t have a policy nor plan to develop one in the future.

One reason for not fully implementing a security policy may be lack of time and resources. Almost half of those who reported that their organization has an information security policy also added that not enough resources were allocated towards its full implementation, and 16% added that no resources were allocated at all.

How to create an effective policy

An effective mobile device management solution (MDM), such as the one provided as part of Kaspersky Security for Mobile, allows the remote enforcement of company policy, even as part of the BYOD policy. Companies may, for example, choose to limit the applications that can be run on a mobile device, or block attempts to redirect a user to a malicious site while surfing a smartphone or tablet.

Isolating and encrypting organizational information and applications ensure that when the device is lost or stolen the sensitive data can be deleted remotely. An effective solution also includes a strong antivirus, and all management should be done through a single control system.