CIOs battle worker apathy over lost or stolen mobile phones

By , CIO |  Security, Mobile Security

Like spoiled teenagers, American workers are telling their CIO that lost or stolen phones are simply not their fault, not their problem. Corporate data theft is no big deal. It's just a phone, they say. Besides, aren't you responsible for mobile data security?

It's enough to make a CIO's blood boil.

In a survey of 750 U.S. workers in industries such as banking, retail, healthcare and energy, conducted by Absolute Software in November, there appears to be a general feeling of apathy toward mobile security.

Even if employees leak or lose corporate data, 25% of respondents say it's not their problem. Of those who actually lost a phone, 34% were not punished, 30% had to replace the device and 21% simply had a "talkin' to." Given such lackadaisical responses, it's no surprise that one-third of respondents who had lost their phones did not change their security habits afterwards.

[Related: The BYOD Mobile Security Threat Is Real]

Part of the problem is that employees don't really know what's at stake nor do they bother to understand the security portion of the user policy. In the survey, 59% estimated the value of the corporate data on their phones to be less than $500 -- although that's hardly the case.

"If we end up on the front of the Fresno Bee because an attorney left his phone at the bar... the damage to your reputation could literally be millions of dollars," CIO Darin Adcock at California-based law firm **** Dowling Aaron, told CIO.com. ****

Are CIOs to Blame?

To be fair, CIOs must shoulder some of the blame for workers being uniformed about mobile security user polices, which can get a little dense. One out of four workers doesn't know company procedure for dealing with work device loss or theft, according to the survey. It's a communication problem that's not solely the worker's fault.

Additionally, CIOs say lots of employees will keep looking for a lost phone for weeks and not report it (although the policy says they should) out of fear it'll get wiped and they'll lose personal data. That's also perhaps a problem with the policy in relation to human behavior.

"If firms don't set clear policies that reflect the priority of corporate data security, they can't expect employees to make it a priority on their own," says Tim Williams, mobile enterprise data expert at Absolute Software.

But clear user policies aren't the only way to get employees to pay attention to the dangers of mobile data loss. Paul Luehr, managing director at Stroz Friedberg, a global data risk management company with a cyber-crime lab, told CIO.com that he's seen the fallout from a lack of consequences for poor security at the individual level.

"We think it's a good policy to make sure that security is not just part of an overall HR policy but, especially for some people, it's part of their annual performance evaluation," Luehr says.

Tom Kaneshige covers Apple, BYOD and Consumerization of IT for CIO.com. Follow Tom on Twitter @kaneshige. Follow everything from CIO.com on Twitter @CIOonline, Facebook, Google + and LinkedIn. Email Tom at tkaneshige@cio.com

Read more about cio in CIO's CIO Drilldown.

Don't miss...


18 hot IT certifications for 2014

6 IT hiring tips to weed out the duds

The helpful, handy, FREE programs your new PC needs

  Sign me up for ITworld's FREE daily newsletter!
Email: 
 


Originally published on CIO |  Click here to read the original story.
Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Answers - Powered by ITworld

ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

Join us:
Facebook

Twitter

Pinterest

Tumblr

LinkedIn

Google+

Ask a Question
randomness