Employees speak up about mobile devices in the office
By Mike Weber, Managing Director and Christopher Lietz, VP Marketing & Channels, Coalfire
“Bring Your Own Device” is a megatrend in the workplace
It’s an exciting development for increasingly mobile and interconnected employees, but also a new challenge for IT security teams. Gone are the days when security professionals could lock down a finite set of machines and facilities; instead, they must manage an ever-growing, ever-changing landscape of employees, devices and applications, many of which have access to information that needs to be protected.
At Coalfire, we conduct thousands of IT audits every year across an array of industries and compliance mandates. And in the course of doing those audits, we are seeing more and more IT security leaders put policies and controls in place that are aimed at mobile devices. That’s good, but is their message getting through to the users?
To help answer this question, Coalfire conducted an informal survey of approximately 400 users (no IT or IT security professionals were included). We asked them about the devices themselves, how they used them, and whether they understood the security policies in place to protect the data that resides on the devices.
Here are the highlights from the survey:
There are a huge number of devices out there – including smartphones, tablets and laptops – and most are employee-owned.
There are many uses for mobile devices – from email to social networking and more.
Passwords are weak, and strong password education is also weak.
A lot of risky behavior is going on – from email phishing and malware downloads to shared passwords and social engineering.
Mobile device security policies exist at many organizations, but very few employees know about them.
IT departments need to conduct more training.
Organizations must embrace the BYOD trend, but manage the risks accordingly.