Apricorn has published new research highlighting that a lack of rigor and consistency when it comes to protecting data poses significant security risks, as 70 per cent of IT decision makers agree that securing corporate data is an ongoing battle.
The research, conducted by Vanson Bourne, found that around a third (29 per cent) of surveyed organisations have already experienced either a data loss or breach as a direct result of mobile working. A significant proportion – as many as 44 per cent – expect that mobile workers will expose their organisation to the risk of a data breach.
Underlining this concern, almost half (48 per cent) of the surveyed companies say employees are one of their biggest security risks. The survey results show that mobile working is a major problem as companies are still uncertain how to enforce adequate security policies, and many have no viable strategies in place. As mobile devices extend the boundary of the corporate network, ensuring confidentiality, integrity and availability of the data that the devices access, process and store is a constant challenge. Fifty-three per cent of surveyed companies said that managing all of the technology that employees need and use for mobile working is too complex, while 35 per cent complain that technology for secure mobile working is too expensive.
The survey also found that one in ten companies with over 3,000 employees do not have a security strategy that covers remote working and BYOD. One in ten companies, regardless of size, don’t have a strategy that covers removable media, such as USB sticks. Removable devices such as compact flash drives can pose a huge risk to businesses, not only because they are easy to lose or steal, but also in terms of the malware they can introduce to networks. Worryingly, roughly a quarter (23 per cent) of surveyed organisations admit that they have no way of enforcing relevant security strategies they have in place, which is almost as risky as having no policy whatsoever.
Despite some having defined security policies for mobile working, nearly 7 in 10 (68 per cent) say they cannot be certain that their data is adequately secured when employees work remotely or on mobile devices. Encryption is the most viable option for organisations to protect valuable data outside of the corporate network, whilst also balancing control and accessibility. However, only a third of those surveyed say they enforce hardware and software encryption of their data, and 12 per cent do not have any policy at all regarding encryption for data that is taken away from the office.
“Whilst data protection is not a straightforward task, companies (particularly those in the private sector) are trusted by their customers to follow basic best practices. Despite this, 38 per cent say they have no control over where company data goes and where it is stored. Organisational struggles with enforcing data protection regulations and compliance standards are putting confidential data at risk,” said Jon Fielding, Managing Director, Apricorn EMEA. “The repercussions associated with a data breach are huge, both in terms of financial and reputational damage. Regulations are put in place to protect the data, its owner and the company responsible for it,” he added.
In 2018, the financial implications will increase when the European General Data Protection Regulation (GDPR) comes into force, and fines of up to ˆ20 million or 4 per cent of global annual turnover are introduced. The survey found a distinct lack of awareness amongst UK companies when it comes to the GDPR requirements: “Companies will need to ensure personal data of European citizens is secure but, disturbingly, 24 per cent of the surveyed organisations are not even aware of the GDPR and its implications. On top of this, 17 per cent are aware of the regulations, but don’t have a plan for ensuring compliance,” Fielding noted.
When asked about the greatest security risk to their organisation in 2017, half of respondents (51 per cent) cited outdated software, followed by employees (48 per cent), and the cloud (40 per cent) among their top risks. More than a third of those surveyed said BYOD and mobile working were among the biggest liabilities. While many organisations recognise the security problems associated with mobile working, sometimes it’s down to a lack of adequate training or not providing the right tools: Over half (57 per cent) of respondents agree that while their mobile workers are willing to comply with security measures, they don’t have the necessary skills or technology to keep data safe. And it may get even harder to secure and enforce data protection in the future as 47 per cent agree, or strongly agree, that while the younger generation of workers is more technology savvy, they care less about security than the older generation.