Only 1 in 8 companies has a fully implemented mobile device security policy

The number of IT security incidents involving smartphones and tablets is on the rise, and most companies have no plans to limit the use of personal mobile devices for work-related purposes. Only about 14% of companies have a fully developed mobile security policy for their corporate networks. This is just one of the surprising findings of B2B International’s Global Corporate IT Security Risks 2013 study, which was conducted in collaboration with Kaspersky Lab this spring.

More mobile devices – smartphones and tablets – are being used at work on a daily basis. These devices are also often owned by the employees and are being used for both personal and business purposes. Having important corporate and personal information (e.g., contacts, apps, etc.) on one device is certainly convenient, but it also poses a security risk to any business. Nearly 65% of survey participants admitted that the Bring Your Own Device environment (BYOD) is a growing threat to the security of corporate IT infrastructures. At the same time, nearly 64% of companies do not have plans to impose any prohibitive policies on mobile devices, and about half the companies surveyed believe restrictive measures would be useless.

Additional findings from the study include:

• 6% of respondents identified mobile devices as the source of at least one confidential data breach over the past 12 months and, while this may only be a 1% increase from 2012 figures, mobile devices caused more critical data breaches than phishing attacks (5% of companies), employee fraud (4%), or corporate espionage (3%).
• Roughly 41% of survey participants reported that their companies do have a policy, but not one that is fully developed.
• 32% of respondents planned to roll out a mobile device security policy in the future.
• 13% said that they have no policy in place, and no plans to develop one.

The use of internal corporate rules governing the use of mobile devices could greatly reduce the business risks associated with smartphones and tablets. But a well-developed mobile device security policy tends to be the exception rather than the rule.

One reason why these IT security policies are not fully implemented may be a shortage of resources in terms of time and money. Nearly half (48%) of those who reported having a mobile device security policy in place said that insufficient funds had been allocated for this, with another 16% stating that no additional funds had been allocated at all.

How to make policies work

Effective Mobile Device Management (MDM) solutions, as provided through Kaspersky Security for Mobile, enable corporate policies to be remotely deployed and enforced, even on BYOD devices. For example, companies can choose to limit the list of applications that can be launched on a mobile device, or block attempts to redirect the user to a malicious website via a smartphone or tablet web browser. Containerization allows corporate data and applications to be isolated and encrypted, and in the event of loss or theft of the device, the container can be remotely wiped. Offering powerful anti-malware protection and unified management through a single console, Kaspersky Security for Mobile can be purchased separately, or as a feature of Kaspersky Endpoint Security for Business, the integrated security platform.