by Brianna Crandall — January 24, 2014—Facilities managers who use their mobile devices for work or supervise mobile workers who do should be aware of a new study recently announced by public-private partnership Mobile Work Exchange, The 2014 Mobilometer Tracker: Mobility, Security, and the Pressure In Between. The study highlights the most critical findings of the Secure Mobilometer, a self-assessment tool designed to better understand mobile security pressure points and vulnerabilities. Commissioned by Cisco, the report reveals that 41% of the government employees who used the assessment tool are putting themselves and their agencies at risk with existing mobile device habits.
The report notes that 90% of government employee respondents use at least one mobile device—laptop, smartphone, and/or tablet—for work purposes. Many government respondents are taking basic steps to secure agency data. A full 86% lock their computer when away from their desk, 86% have a safe alternative workplace compatible for work, and 78% always store files in a secure location.
Despite these secure actions, the report indicates that government employees are not showing the same caution for mobile devices. They are practicing potentially dangerous behaviors, including the use of public Wi-Fi (31%), a lack of multifactor authentication or data encryption (52%), and failure to use passwords on mobile devices for work (25%). Even when employees do use a password, nearly one in three admits to using an “easy” password and 6% of those admit to having it written down.
When the appropriate security policies and procedures are in place and enforced, a mobile workforce can be a tremendous asset to a government agency, notes the Mobile Work Exchange. However, 57% of respondents who took the assessment from an agency/enterprise-wide perspective are perceived as failing to secure agency data, with gaps in mobile policies and security systems.
Despite the Federal Digital Government Strategy, the report shows that more than one in four government employees have not received mobile security training from their agencies. Additionally, just 50% of respondents noted that their agencies have formal, employee-focused mobile device programs. Half of the agencies that took the assessment are reportedly missing fundamental mobile security steps, like utilizing a remote wipe function, or adding multifactor authentication or data encryption on mobile devices.
“In the near future, the number of mobile devices will exceed the world’s population, and by 2017, we expect more than 10 billion connected mobile devices,” said Larry Payne, Cisco vice president, U.S. Federal. “With the proliferation of devices, security continues to be a major concern. The 2014 Mobilometer Tracker study shows that 6% of government employees who use a mobile device for work say they have lost or misplaced their phone. In the average federal agency, that’s more than 3,500 chances for a security breach. Organizations need to take the necessary steps to protect their data and minimize the risk of data loss.”
Despite shortfalls, government respondents scored considerably safer on the Secure Mobilometer than their private-sector counterparts. What can the private sector learn?
- Know your workforce: 97% of government respondents who telework say they have a formal telework agreement in place versus just 56% of private-sector respondents.
- Know your devices: 53% of government agencies require employees to register mobile devices with the information technology (IT) department versus just 21% of private-sector organizations.
- Require training: 53% of government agencies require all employees to take regular security training related to mobile devices versus just 13% of private-sector organizations.
- Minimize risks: In a world where IT leaders must support users’ private devices, security becomes paramount. 15% of government respondents have downloaded a non-work-related app onto the mobile device they use for work, versus 60% of private-sector respondents.
“While the government is significantly safer than its counterparts, there is still much work to be done,” said Cindy Auten, general manager of Mobile Work Exchange. “Ensuring policies are being enforced is the best way to secure critical government data. Closing this gap equips government employees with the knowledge to thwart potential security breaches.”
The 2014 Mobilometer Tracker: Mobility, Security, and the Pressure In Between is based on the findings from the Secure Mobilometer from September, October, and November 2013. This report reflects the calculator inputs of 155 individual government responses and 30 agency responses. It also reflects the input of 97 individual and 24 organization responses from the private sector. The full study is available online.
Mobile Work Exchange is a public-private partnership focused on demonstrating the value of mobility and telework, and serving the emerging educational and communication requirements of the federal mobile/telework community. The organization facilitates communication to more than 33,000 federal IT directors/managers, CIOs, CHCOs, telework managing officers, and key stakeholders—all focused on building a sustainable and effective mobile workforce.
