Member Article

Only 1 in 8 companies has a fully implemented mobile device security policy

Despite the rising number of security incidents involving mobile devices, only 14 per cent of companies have a fully developed mobile device security policy for their corporate networks. This is according to new research from Kaspersky Lab and B2B International’s Global Corporate IT Security Risks 2013 study.

IT security incidents involving mobile devices are both growing and diversifying. According to the study, 6 per cent of respondents identified a mobile device as the source of at least one confidential data leakage over the past 12 months. This year, for 5 per cent of the companies surveyed, mobile devices have caused more critical data leakages than phishing attacks. Mobile devices caused more incidents of data leakage than employee fraud or corporate espionage for 4 per cent and 3 per cent of companies respectively.

The reason is obvious; more mobile devices, smartphones and tablets are being used at work on a daily basis. These devices are also often owned by the employees themselves, and so are used for personal as well as business purposes. Having important corporate and personal information (contacts, apps, etc.) to hand on one device is certainly convenient — but it does pose a substantial risk to company security.

Nearly 65 per cent of survey participants admitted that the Bring Your Own Device environment is a growing threat to the security of corporate IT infrastructures. At the same time, nearly 64 per cent of companies do not have plans to impose any prohibitive policies on mobile devices, and about half the companies surveyed believe restrictive measures would be useless.

The use of internal IT security policies for mobile devices, could greatly reduce the business risks associated with smartphones and tablets - but a well-developed mobile device security policy tends to be the exception rather than the rule. Roughly 41 per cent of survey participants reported that their companies do have a policy, but not one that is fully developed, 32 per cent of respondents planned to roll out a mobile device security policy and 13 per cent said that they have no policy in place, and no plans to develop one.

One reason why these policies are not fully implemented may be a shortage of resources in terms of time and money. Nearly half (48 per cent) of those who reported having a mobile device security policy in place said that insufficient funds had been allocated for this, with another 16 per cent stating that no additional funds had been allocated at all.

How to make policies work

Effective Mobile Device Management (MDM) solutions, as provided through Kaspersky Security for Mobile, enable corporate policies to be remotely deployed and enforced, even on BYOD devices. For example, companies can choose to limit the list of applications that can be launched on a mobile device, or block attempts to redirect the user to a malicious website via a smartphone or tablet web browser. Containerisation allows corporate data and applications to be isolated and encrypted, and in the event of loss or theft of the device, the container can be remotely wiped. Offering powerful anti-malware protection and unified management through a single console, Kaspersky Security for Mobile can be purchased separately, or as a feature of Kaspersky Endpoint Security for Business, the integrated security platform.

About Kaspersky Lab

Kaspersky Lab is the world’s largest privately held vendor of endpoint protection solutions. The company is ranked among the world’s top four vendors of security solutions for endpoint users*. Throughout its more than 15-year history Kaspersky Lab has remained an innovator in IT security and provides effective digital security solutions for large enterprises, SMBs and consumers. Kaspersky Lab, with its holding company registered in the United Kingdom, currently operates in almost 200 countries and territories across the globe, providing protection for over 300 million users worldwide. Learn more at www.kaspersky.co.uk.

* The company was rated fourth in the IDC rating Worldwide Endpoint Security Revenue by Vendor, 2011. The rating was published in the IDC report “Worldwide Endpoint Security 2012–2016 Forecast and 2011 Vendor Shares (IDC #235930, July 2012). The report ranked software vendors according to earnings from sales of endpoint security solutions in 2011.

This was posted in Bdaily's Members' News section by Alice Collins .