Mobile security is not my problem, say workers

I saw a disturbing survey today that was carried out by Vision Critical on behalf of security firm Absolute Software.

The survey finds that one-quarter of enterprise workers do not think that data security is their responsibility and that they should face no punishment if they lose sensitive corporate data on their mobile phones.

Vision Critical polled 750 adults who used a mobile phone at work and worked for companies with more than 1,000 employees. Two-thirds of respondents use a mobile phone for both work and personal use, and more than half own the phone they use at work.

The survey found that many of the respondents had lost mobile devices with corporate data on it, yet 34 percent said they did not face any penalty for their carelessness, 30 percent only had to replace the device, while 21 percent got a good "talking to" but nothing else.

One quarter of respondents indicated that they did not know their company's procedure for dealing with loss or theft of work devices, and 10 percent said that their employer was not planning to introduce a procedure for the loss or theft of work devices.

More than one-third of respondents who had lost their mobile phones stated that they did not change their security habits as a result.

A full 59 percent of enterprise mobile users polled estimated the corporate data on their phones was worth less than $500. Yet a study last year by the Ponemon Institute and Symantec estimated that a data breach costs the average enterprise $5.4 million per incident.

Other surveys have shown a similar lax attitude about mobile security among employees as well as C-suite execs.

For example, a majority of Gen Y employees--ages 21 to 32--said they would ignore formal BYOD policies at their organizations, according to a survey of 3,200 Gen Ys by Fortinet. And senior execs surf for adult content on their mobile devices as well as download malware without telling IT, according to a survey by ThreatTrack.

So there is plenty of blame to go around. Rather than play the blame game, it's up to the company to educate their employees about the impact corporate data loss can have on the business and the best practices to keep that from happening. - Fred