Mobile Device Users Put Their Employers at Risk

Although many government workers fail to adequately protect information on their desktop and mobile devices, they have, on average, better security habits than employees in private industry, according to a new report from Mobile Work Exchange, a public-private partnership.

Only 11 percent of the government employees who responded to the study took sufficient security steps to protect their information and mobile devices, states “The 2014 Mobilometer Tracker: Mobility, Security, and the Pressure in Between,” which was commissioned by Cisco. These steps included tasks such as storing files in secure locations and locking a computer when away from an office or desk. Forty-eight percent of the survey respondents took steps to secure information, but needed to improve on their security habits, and 41 percent had habits that put themselves and their agencies at risk, the report reveals.

Individual employee responses for the study came from civilian and Department of Defense agencies, while agency responses came from the U.S Department of Homeland Security, U.S. Forest Service, the Federal Emergency Management Agency and other organizations.

“Agencies are definitely moving in the right direction, but defending ourselves against the evolving threat landscape is an ongoing challenge,” Cindy Auten, general manager of Mobile Work Exchange, wrote in an email to Baseline. “According to a recent GAO report, mobile malware attacks have increased by 185 percent in less than a year. That’s an alarming number, especially since mobile devices are an integral part of our daily work routine.”

In fact, the Mobilometer Tracker report shows that 90 percent of government workers use at least one mobile device for work, but 25 percent do not put a password on the device they use for work-related tasks. When they do use a password, 28 percent of the time it is an easy password to break, such as their name, the word “password”‘ or even 1234.

Even more concerning is that six percent of government employees said they have lost or misplaced a mobile device that they use for work. Mobile Work Exchange estimates that losing such devices could lead to more than 3,500 potential security breaches per agency. Part of the solution to improving security is to teach employees how to better protect their devices, according to Auten.

“Education through training is vital to any agency or organization,” she stated. “Fifty-three percent of respondents say their agency requires employees to take regular security training related to mobile devices. Providing written mobile security information is important, but as technologies continue to evolve, so should the training. There may not be an exact wake-up moment, but requiring regular security training educates employees and gives them the skill set to combat mobile security threats and keep data safe.”

Even though there is room for improvement in mobile security in the government sector, those employees still proved far more cautious about taking security precautions than employees from private industry who responded to the survey. For example, while 15 percent of government employees said they had downloaded a nonwork-related app on a work-related mobile device, 60 percent of respondents from the private sector said they had done so. In addition, 53 percent of government agencies require employees to take mobile device security training, but just 13 percent of private sector firms have that requirement.

“While the government is significantly safer than its counterparts, there is still much work to be done on both parts,” Auten stated. “However, the private industry is a much larger and unique entity. Unlike the government, each company has its own set of rules and policies, which makes it harder to enforce security protocol.

Nevertheless, she added, “Regular security training and individual efforts to educate and improve secure mobility habits can improve the safety of the workforce and protect critical data.”