Combating (Hidden) Employee Behavior that Puts Data at Risk

Posted on December 11, 2014

Geralt_drawing_of_open_plan_office_from_PixabayIn a recent guest post on the Business2Community website, Absolute Software VP Stephen Midgley wrote that while mobile devices have created a productive work environment where nearly everything is instant, collaborative and shareable, employees are also putting valuable company data at risk by ?getting up to mischief.?

Midgley wrote that his U.K.-based company researched employee mobile device behaviors on company-issued smartphones and tablets. ?More than half (53%) of respondents use their work devices for personal activity, from shopping to social networking, gaming and porn. Indeed, 3% admitted to having ?sexted?, taken compromising photos of their partner or installed a porn app on their device. 5% have also watched or listened to pirated material and 2% have used the dating app, Tinder,? he said.

In addition, 28% admitted to having taken their work device on a ?night out?, Midgley said. In the U.S., where only a fraction of companies issue company-owned devices, the percentage of employees who carry their personally-owned smartphones with them when they go out in the evening is likely to be far higher. Why does that matter?

Mobile devices are a thief?s doorway to company data. A lost or stolen phone puts that data at risk ? and phones taken to bars, restaurants, and other entertainment venues are more likely to be left behind or stolen than those left in a briefcase at home. But lost or stolen devices are just one of the ?hidden? employee behaviors that put company data at risk according to Jared Hansen, CEO of secure mobile printing leader Breezy.

?I am a huge supporter of BYOD,? Hansen says. ?But companies need to realize that educating employees about data security, and taking proactive steps with enterprise mobility management (EMM) solutions that include secure mobile printing, is an important part of protecting the company from a potential data breach. It takes a strong security policy, the right tools, and informed, motivated employees to protect mobile devices and the valuable data they contain.?

More Risky Human Behavior

New research announced this month by the Ponemon Institute and Accellion says that less than a quarter of employees (20%) say they received any mobile security training from their employer, although 88% say they have accessed company confidential information on a mobile device. Worse, of those who said they had received security training for mobile device access and content management in the workplace, 74% said the training they received was not helpful in reducing security risks.

Other statistics from the survey include:

  • 66% of respondents say they have downloaded and used mobile apps that do not have the approval of their company.
  • 19% say they made sure the apps they downloaded did not contain viruses or malware.
  • 22% percent of respondents say they think such behavior puts their company at risk.

Hansen says that it?s important to remember that employees want to be more productive, and most of them don?t intentionally put company or personal data at risk. ?But people are simply not aware of the security risks they?re taking, and so they engage in activities that are common for consumers, such as storing documents in an unsecured public cloud like Dropbox or iCloud, without realizing that they could be creating a serious security problem for their employer.?

The new Ponemon survey bears out his belief. When asked, survey respondents deny that they have personally put their company?s confidential information at risk with mobile devices, but 75% believe that other employees are doing so. The complete Ponemon study can be downloaded by clicking here.

IT Inaction Puts Data at Risk, Too

Gartner is projecting that worldwide shipments of mobile devices will reach 2.4 billion units by the end of 2014. St. Louis-based Digital Partners Incorporated, an enterprise reseller of Apple products, says that the record sales of mobile devices are combining with a lack of BYOD management and network security policy to pose unnecessary risks for companies.

Matina Koronis-Koester, president of Digital Partners, told St. Louis Today that enterprise mobility management tools and security policies are not keeping pace with the use of mobile devices. Koronis-Koester cited data from Millward Brown showing that half of U.S. employees report storing work-related information on their personal mobile devices whether the company has a BYOD policy and security tools in place or not.

A Harris Interactive survey reported that about 90% of American companies allow removable storage devices on corporate networks if the term ?removable storage devices? is expanded to include iPhones, Android smartphones, tablets, USB drives and optical media. But, Koronis-Koester says that nearly two-thirds of those companies do not enforce encryption on the mobile devices, according to the survey?s findings.

Finally, Koronis-Koester pointed out that recent research conducted for JAMF shows 60% percent of IT survey respondents do not believe that their 2015 budgets will increase enough to help them manage the growing number of new mobile devices being used in the enterprise.

?So, the lack of BYOD management policies and network security, coupled with greater business and personal use of mobile devices, will create even more significant risks for corporations next year,? she said.

A September study from Spiceworks supports that position, showing that 98% percent of IT professionals are concerned about security risks affecting mobile devices, but less than half of them are actively working to protect these devices, either through mobile device management solutions or anti-malware software. The results of the study are particularly surprising given the rise in security breaches gaining attention during the past year.

Budgetary constraints and a general perception of lack of internal concern are the two biggest factors holding back many IT administrators from ramping up their mobile security, the survey said. According to the study, eight out of 10 IT administrators support between one to two mobile devices per employee, with 90% confirming employees are mostly bringing smartphones to work. An additional 77% reported that employees use tablets, while 21% are now supporting wearable devices, an increase of more than 8% in just six months.

So what are IT professionals doing to protect their enterprise mobile devices? Not much, according to Spiceworks. Many admins have chosen to simply limit user access to corporate data in an effort to protect sensitive information. And among those who do or plan to utilize some form of mobile security within the next year, only 49% will choose an MDM or EMM solution, while 41% are planning to adopt malware and anti-virus software specifically designed for mobile devices.

Taking the Right Steps to Protect Data

When it comes to mobile device security, the obvious choice ? restricting an employee?s ability to use a mobile device to access company data ? may not be the best choice, Hansen says. ?Trying to lock down employee choice and access doesn?t really work, because employees who are focused on getting the job done will create their own work-arounds to do so whether those work-arounds fall within company security policy or not, and it can also add to IT costs in some surprising ways,? he says.

For example, if you restrict access to the network to specific devices or employees, or require specific tools, your IT requirements become more inflexible, and that can result in higher prices from vendors as well as increased IT training costs.

?In general, you?re better off training employees about mobile device security, and offering a comprehensive enterprise mobility solution from a leading vendor that protects employee privacy as well as company data with on-device encryption,? Hansen adds.

Breezy?s secure mobile printing solution is fully integrated with industry leading enterprise mobility management tools like AirWatch, AppSense MobileNow, Aruba, Citrix, Good Technology, IBM (MaaS360, formerly owned by Fiberlink), MobileIron and Mocana. For more information on mobile device security and secure mobile printing, watch this video from Breezy, download The Definitive Guide to Mobile Printing, a free ebook, or click here to schedule a Breezy demo now.

Graphics credit: Visual artist Geralt offered this drawing of employees in a shared workspace under a Creative Commons License on Pixabay.

Easy to deploy and manage

Customers report that Breezy installations are among the easiest they’ve ever seen for an enterprise product.