A third of all companies say they have experienced a data loss or breach as a direct result of mobile working.
New research from Apricorn, a manufacturer of secure hardware-encrypted USB drives, highlights a lack of cyber security rigor and consistency across organisations.
Around a third of organisations (29%) have experienced a cyber breach as a direct result of mobile working. Mobile working remains a major problem and organisations are still uncertain how to enforce adequate security policies. Many have no viable security strategies for mobile working in place.
The use of mobile devices extends the boundary of the corporate network massively. In fact, a better way to think of this may be to say that mobile working destroys the boundary.
As a result, ensuring confidentiality, integrity and availability of the data that these mobile devices access is a constant challenge: too complex according to half the organisations surveyed, and too expensive according to a third of them.
So what is missing? At first, the problem doesn't seem so bad. The research found:
- Only one in ten large companies do not have a security strategy that covers remote working and BYOD
- One in ten companies don’t have a strategy that covers removable media such as USB sticks
- And just one in ten don't require data to be encrypted when taken out of the office
But even if the majority of organisations have (or think they have) policies that are followed by their employees, there are still problems:
- A quarter of organisations have no way of enforcing their security strategies
- Only a third bother to enforce the encryption of hardware and software
- Two thirds say they simply don't know if data is secure when employees are working remotely
Jon Fielding, Managing Director, Apricorn EMEA, commented: "Companies (particularly those in the private sector) are trusted by their customers to follow basic best practices. Despite this, 38 per cent say they have no control over where company data goes and where it is stored. Organisational struggles with enforcing data protection regulations and compliance standards are putting confidential data at risk."
In 2018, the financial implications of these risks will increase hugely when the European General Data Protection Regulation (GDPR) comes into force. But the survey found a distinct lack of awareness among UK companies when it comes to the GDPR requirements. According to Jon Fielding, "Disturbingly, 24 per cent of the surveyed organisations are not even aware of the GDPR and its implications."
It seems surprising (and, yes, worrying) that a quarter of organisations are still in ignorance of GDPR. But on top of that, nearly a fifth (17 per cent) are aware of the regulations, but don't have a plan for ensuring compliance. They need to develop one soon: GDPR comes into force in less than 15 months and agreeing a plan is only the first step in the long road towards compliance.
The research was conducted by Vanson Bourne for Apricorn. It consisted of 100 interviews with IT decision makers in the UK during January. Respondents came from private sector organisations with more than 1,000 employees.
Photo copyright Nadezhda1906 under licence from Thinkboxphotos.co.uk