Despite the constant appearance of new mobile threats, many enterprises not only remain complacent about mobile security but are becoming increasingly careless, a new survey shows.
The enterprise security and risk review by MobileIron flags several troubling trends:
- 40 percent of respondents reported having missing devices in the second quarter of 2016, up from 33 percent in the fourth quarter of 2015.
- 27 percent of enterprises had outdated mobile security policies in Q2, up from 20 percent in Q4 2015.
- Only 8 percent of respondents said they were enforcing OS updates in Q2, comparable to Q4 2015.
- 61 percent of government organizations had at least one non-compliant device in Q2, compared to the global average of 53 percent.
Sigh. Where to begin?
Our cyber world is fraught with danger, and it is incumbent upon IT professionals to take the necessary steps to protect enterprise data and networks. Failure to do so inevitably results in security breaches that can damage an enterprise in terms of revenue, customer loyalty, brand image, disaster recovery costs and possibly fines and penalties for noncompliance.
And yet the survey indicates that enterprises are becoming more careless about mobile security, not less. The fault for this negative trend must fall upon enterprise IT. I’d even blame the increase in missing devices less on careless employees (who have always existed) and more on IT for failing to educate and remind employees about mobile device best practices through regular training and the communication of clear policies.
A LinkedIn survey from several months ago raised another concern: lack of basic awareness among enterprise IT about what security measures they have implemented. Nearly one-quarter of respondents weren’t sure how frequently they wiped data from the devices of departing employees.
Mobile security best practices require a comprehensive strategy that covers devices, apps, data, endpoints and the network. These best practices must be defined, articulated, and — most important of all — followed to the letter. Otherwise you’re simply inviting security breaches.
Does your enterprise have mobile security best practices? And does it actually practice them?