Businesses very lax on mobile security

Businesses are proving to be extraordinarily lax when it comes to mobile security, with 64% of organisations allowing their users to store unencrypted company information on smartphone devices.

Last week the Information Commissioner handed out the first of probably many more big fines to organisations, who didn’t take security seriously enough. It fined one business £60,000 for an unencrypted laptop that went missing with customer data. However if figures from a new Goode Intelligence survey on mobile security are correct, then it looks like there will be plenty more businesses joining them.

Findings from analysts Goode Intelligence’s “2010 Mobile Security Survey”, show that 64% of organisations surveyed allow their users to store unencrypted potentially confidential information on their smart mobile devices (SMD).

In addition, 44% of the organisations surveyed do not have a documented, specific security policy for mobile phones.

“Smartphones and tablet computers are having a transformational effect on the way that an organisation does business and manages information” said Alan Goode, Managing Director, Goode Intelligence. “Mobile phone security is an extremely hot topic at the moment and 2010 has been a defining year for the industry. There is a big question over whether information security professionals can keep up with the pace of change currently seen with smart mobile devices and if they can manage the risks associated with them.

“Smartphones, media players and tablet computers running a variety of mobile platforms have exploded into organisations around the world and there is enormous pressure on information security and IT functions to business-enable these ‘consumer’ devices. In 2009 the iPad didn’t exist yet just one year later our survey shows that some 40% of organisations are seeing iPad adoption – this is a remarkable figure and quite possibly unprecedented.”

mSecurity awareness

The survey shows that in 2010 only 32% of information security professionals feel that their awareness level regarding mSecurity is inadequate. This is a significant improvement compared to 2009 when the GI mSecurity Survey reported that almost 90% considered their awareness to be inadequate. However overall general awareness has not improved with 68% stating that they felt that there was no general (end-user/employee) awareness for mSecurity.

“This is certainly an area of concern for information security professionals that needs to be addressed” said Alan Goode. “While the security community has educated itself there is still a lack of awareness amongst end-users. A number of organisations are still failing to implement mobile security policies and even more disturbingly, a significant number allow employees to store company information on their SMDs, including email, without encryption. This is a serious issue for those attempting to control data loss in an organisation.”

The highlights version of the report is available free of charge from Goode Intelligence ( and covers some of the key areas that are explored in the full version of the report.

  1 comment for “Businesses very lax on mobile security

Comments are closed.