Double Standard for Mobile Device Data Protection
CREDIT: Mobile data protection image via Shutterstock
Though an increasing number of professionals rely on personal mobile devices to access company data, that data doesn't get the same protection on those devices as it does on the corporate desktop, a new survey shows.
Over two-thirds of all small to mid-size businesses have a formal procedure for backing up company data, but less than a quarter have a formal policy in place regarding employees' use of personal devices for work purposes.
Mozy, an online backup service, surveyed more than 600 business decision makers at firms that routinely handle sensitive client information, including medical practices, legal, real estate and financial services firms.
Despite the expectation that professionals with sensitive client data would understand the associated risks and responsibilities, the survey results reflect that many professionals working remotely, and their companies, are either unaware or too casual about how to keep this information safe and secure.
One-third of all companies, researchers found, let employees make their own decisions about how to back up company and client data on their devices, and most companies polled did not have backup or data recovery plans that meet modern standards for data protection.
Forty-one percent of businesses readily store and back up company data on portable USB devices that may be used by family members, get lost or even stolen.
Legal professionals trailed the field, with 78 percent of lawyers reporting they were either not at all concerned, not that concerned or only somewhat concerned about the security of their company data for employees using personal devices for work.
While financial services and medical firms are more concerned about the security of their company data than companies in real estate, construction and law, the majority (more than two-thirds) in each of those industries expressed a lack of concern for risk of loss and security of company data.
Without adequate backup and other data security policies, many businesses are ill-prepared to protect company and customer data in the event of a hard-drive crash, loss or theft. The survey shows that 30 percent of companies suffered a hard-drive crash in the past year. In 70 percent of those cases, data was not fully recovered.
"If employees are using personal devices for work, companies should consider what kind of work can be performed on their devices, and how to ensure that confidential information is not at risk if the device is lost or stolen," said Gytis Barzdukas, Mozy's director of product management. "If your company doesn't have a backup and data recovery policy today, they really should put even a basic plan in place.
"Using tape, server and thumb drives is a start, but any good backup plan should consist of having both a local and offsite copy. Mozy recommends that all company data — whether it resides on employee personal devices or company equipment — be automatically backed up to a secure, reliable location."