SME Toolkit Logo
Partner Logo
Home  > Mobile Device Thefts Adding to Mobile Security Challenges
 Share  Print Version  Email

Mobile Device Thefts Adding to Mobile Security Challenges

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.

Lost and stolen mobile devices increasingly challenge companies' mobile security efforts. The McPherson Sentinelreported on a U.S. Cellular survey of smartphone users, which found that 58 percent of people had a smartphone damaged, lost or stolen.

However, what is more troubling in terms of business mobile security was the revelation in a recent ZixCorp survey that 20 percent of those employees using a personal device for business would wait anywhere from a few days to over a week to report the device missing. This hesitance could potentially compromise company data if in the wrong hands for too long.

Why the Delay?

ZixCorp reports that the delay in reporting may be partly due to bring-your-own-device (BYOD) policies, as 43 percent of respondents were most concerned that their employer could access their personal information. Because employees fear losing contact information, personal photos, apps and emails if the employer wipes the device, they are often hesitant to report a device missing. An overwhelming 71 percent of respondents said they would avoid using a personal device if the company could completely wipe it in the case of theft, loss or termination from the company.

Overall, this points to the tenuous relationships employees have with IT departments that enforce personal mobile device policies in the workplace. While BYOD policies can provide numerous benefits, businesses need to consider how to get employees and BYOD on the same page regarding security.

The Damages

Stolen and lost mobile devices create a wave of costs and potential problems for the enterprise, and devices themselves become an immediate monetary loss. Company applications on the devices represent investment costs, which are especially crucial expenditures for midsize businesses with limited budgets. Calling plan costs, time lost by IT and others in dealing with the loss, and finally replacing the hardware and establishing new service all add up. And then there is potentially the biggest mobile security issue of all: the data loss.

Employees use mobile devices to check email, find customer contact information, share work documents and interact with company databases. Businesses will have to scramble to deal with compromised competitive or proprietary information, draining time and resources away from income-producing activities. If the compromised or stolen data infringes on privacy, affects compliance or involves credit cards, credentials and payment information, then the company suffers loss of trust, escalating costs and damage to its public image.

Stemming the Tide

Although the company can remotely wipe information from a device, that is no guarantee that thieves have not already compromised the data, given the percentage of employees who delay reporting loss or theft. The effectiveness of remotely wiping data from mobile devices has also recently been downplayed, as thieves are often astute enough to immediately turn off the device or put it in airplane mode.

Companies can mitigate the problems of lost and stolen mobile devices by making it clear to employees just how important it is to report the loss or theft quickly. It is also good policy to require employees to passcode protect their devices, and to remind them to do so often.

Many businesses now use mobile device management for company-owned mobile devices as well as employee-owned devices. A primary strategy is to keep company information separate from employee personal information on mobile devices, and to have company information encrypted.

This article was written by Duane Craig.

 Share  Print Version  Email