Despite the rising number of security incidents involving mobile devices, only 14 per cent of companies have a fully developed mobile device security policy for their corporate networks. This is according to new research from Kaspersky Lab and B2B International’s Global Corporate IT Security Risks 2013 study.
IT security incidents involving mobile devices are both growing and diversifying. According to the study, 6 per cent of respondents identified a mobile device as the source of at least one confidential data leakage over the past 12 months. This year, for 5 per cent of the companies surveyed, mobile devices have caused more critical data leakages than phishing attacks. Mobile devices caused more incidents of data leakage than employee fraud or corporate espionage for 4 per cent and 3 per cent of companies respectively.
The reason is obvious; more mobile devices, smartphones and tablets are being used at work on a daily basis. These devices are also often owned by the employees themselves, and so are used for personal as well as business purposes. Having important corporate and personal information (contacts, apps, etc.) to hand on one device is certainly convenient — but it does pose a substantial risk to company security.
Nearly 65 per cent of survey participants admitted that the Bring Your Own Device environment is a growing threat to the security of corporate IT infrastructures. At the same time, nearly 64 per cent of companies do not have plans to impose any prohibitive policies on mobile devices, and about half the companies surveyed believe restrictive measures would be useless.
The use of internal IT security policies for mobile devices, could greatly reduce the business risks associated with smartphones and tablets - but a well-developed mobile device security policy tends to be the exception rather than the rule. Roughly 41 per cent of survey participants reported that their companies do have a policy, but not one that is fully developed, 32 per cent of respondents planned to roll out a mobile device security policy and 13 per cent said that they have no policy in place, and no plans to develop one.
One reason why these policies are not fully implemented may be a shortage of resources in terms of time and money. Nearly half (48 per cent) of those who reported having a mobile device security policy in place said that insufficient funds had been allocated for this, with another 16 per cent stating that no additional funds had been allocated at all.
How to make policies work
Effective Mobile Device Management (MDM) solutions, as provided through Kaspersky Security for Mobile, enable corporate policies to be remotely deployed and enforced, even on BYOD devices. For example, companies can choose to limit the list of applications that can be launched on a mobile device, or block attempts to redirect the user to a malicious website via a smartphone or tablet web browser. Containerisation allows corporate data and applications to be isolated and encrypted, and in the event of loss or theft of the device, the container can be remotely wiped. Offering powerful anti-malware protection and unified management through a single console, Kaspersky Security for Mobile can be purchased separately, or as a feature of Kaspersky Endpoint Security for Business, the integrated security platform.