Bring-your-own-device (BYOD) access to company data via mobile devices is now a fact of life for most companies, whether they sanction it officially or not. However, according to research we at WatchDox recently sponsored with the Ponemon Institute, few organizations understand how much regulated data (draft financial filings, personal health information, etc.) ends up on mobile devices and how to secure it once it gets there. It also seems that few IT professionals are clear on whether compliance standards continue to apply to regulated data when it’s on a mobile device (hint: yes, they do).
Given these findings, it is not surprising that, on average, organizations represented in the study experienced almost five mobile device-related data loss incidents in the past two years, resulting in the breach of an estimated 6,000 individual records per organization. The study also has interesting findings on which controls organizations are adopting to protect data on mobile devices: manually enforced policies predominate, with surprisingly low use of mobile device management (MDM) and mobile application management (MAM).
For those that dig into the data, the survey results show that regulated data on mobile devices and in the cloud is at risk because organizations do not:
Know how much regulated data is on mobile devices used by employees or transferred to cloud-based file sharing applications.
Prevent employees from accessing regulated data using unsecured mobile devices.
Make mobile data protection a top priority.
Take steps to monitor employees who access and use regulated data on mobile devices.
Ensure employees are aware of the importance of protecting regulated data on mobile devices. Respondents also believe that most employees, at one time or another, have circumvented or disabled required security settings on their mobile devices.
Have the necessary oversight or governance practices in place.
Failing to address the above issues can lead not only to a breach that puts company and customer data at risk but also to costly compliance penalties, neither of which is good for a company’s reputation or bottom line.
To learn more about these risks, view the “2013 The Risk of Regulated Data on Mobile Devices” report here.