Heads up: Mobile security incidents are on the rise

Smart Phone 4

Forget the Internet of Things. IT is still struggling to keep up with another, well-established threat: mobile security incidents. And research shows this one’s getting more and more costly. 

Mobile security isn’t a new concern. But according to a new Dimensional Research survey, The Impact of Mobile Devices on Information Security, it’s becoming widespread.

Whereas once only a few organizations had mobile support, the survey found that:

  • 75% of respondents allow personal devices to connect to corporate networks (up from 67% last year)
  • 91% said the number of mobile devices connecting to these networks is growing, and
  • 72% said personal devices connecting to networks has at least doubled in the last two years.

But for IT pros, this influx of devices doesn’t just mean mobile device management headaches. They’re also reporting that serious security risks can result from BYOD and mobile programs.

And those can be costly.

Mobile security headaches

More than three-quarters (82%) of security professionals surveyed said that they expected mobile incidents to increase in the coming year. And 18% said they expected mobile incidents to remain at the same level.

Not one security pro said that he or she expected mobile security incidents to decrease.

The kinds of incidents they worried most about included:

  • lost or stolen information (82%)
  • introduction of security weaknesses to be used in future attacks (61%)
  • compliance violations and fines (43%), and
  • the cost of replacing lost or stolen devices (31%).

And all those security risks add up to some serious change leaving companies’ pockets. When asked to put a cost figure on mobile security incidents, the results were alarming.

  • only a quarter of respondents (25%) thought it would be less than $10,000
  • a third (33%) said it would run between $10,000 and $250,000, and
  • the remainder (42%) expected mobile security incidents to result in $250,000-plus in losses.

These figures included remediation costs, staff time, legal fees and more. And like most things in life, and especially all things data-related, the costs just keep climbing.

Relying on users

There is some good news (or bad news, depending on your outlook). Most mobile security improvements can be made by addressing the age-old security asset, your users. While nobody is perfect, small strides in improving users’ security practices can make big differences.

Many tech analysts are recommending that corporate IT shifts its focus from automated solutions to user behavior in order to protect systems (sometimes called people-centric security). The thinking is that if you can tie security behaviors to things that matter to employees personally, they’ll be more likely to comply with policy.

For mobile devices, this tie-in is especially easy. Try emphasizing:

  • Personal connections. When users are given security policies for personal devices, it forms a more meaningful connection. They’re not just protecting company data. They’re protecting their devices, their data, their photos and their contacts.
    That can send the very clear message that IT is a helpful guide for protecting information, not a force putting restrictions in place.
  • Personal consequences. Most users appreciate the ability to work at home, on the road and from their own devices. But if they’re violating mobile policies, the threat of losing those privileges can be a powerful  incentive to think more carefully about mobile security.
  • Professional consequences. Ultimately, protecting data is protecting workers’ careers. Remind them that IT is there to help make sure they aren’t making policy violation mistakes, not to wait for them to make the mistakes tehn catch them in the act.

Make Smarter Tech Decisions

Get the latest IT news, trends, and insights - delivered weekly.

Privacy Policy